nature-reader
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external content from research papers (PDFs, HTML, and identifiers), which creates a potential surface for indirect prompt injection. While the workflow defines structured output formats, it lacks explicit instructions for the agent to disregard or isolate instructions embedded within the processed research text.
- Ingestion points:
static/fragments/source/pdf-text.md,static/fragments/source/scanned-pdf.md,static/fragments/source/html.md,static/fragments/source/doi-arxiv.md, andstatic/fragments/source/pasted-text.md. - Boundary markers: No explicit delimiters or safety warnings for the agent are used to isolate the source text from instructions.
- Capability inventory: File system write access (
paper.md,source_map.json,assets/), network access (resolution of arXiv and DOI links), and sub-skill invocation (e.g.,pdfskill). - Sanitization: No filtering or sanitization of external text content is described in the workflow.
- [EXTERNAL_DOWNLOADS]: The skill performs network operations to resolve DOI and arXiv identifiers to retrieve article metadata and full-text content from established academic repositories (
static/fragments/source/doi-arxiv.md). These requests target well-known academic services and are essential for the skill's intended operation.
Audit Metadata