nature-literature-pipeline
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted data from external scholarly sources (such as arXiv, OpenAlex, and Crossref), which creates a surface for indirect prompt injection.
- Ingestion points: Automated retrieval from academic APIs defined in
SKILL.mdandtemplates/literature-push-template.md. - Boundary markers: No explicit boundary markers or 'ignore embedded instructions' warnings are defined for the reading/summarization phase.
- Capability inventory: The skill has access to
send_message(for delivery to Feishu/Telegram),cronjob(for scheduling), and filesystem write access (for archival inreferences/note-template.md). - Sanitization: There is no evidence of sanitization or escaping of external content before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill uses persistence and describes automated file manipulation logic.
- Persistence: The skill's primary function includes creating and managing automated tasks via the
cronjobtool (references/cron-setup.md). - Automated Scripting:
references/note-template.mdprovides a 'Bulk Standardization' logic pattern that instructs the agent to perform mass file system operations (read, regex-based modification, and renaming) on literature notes. - [EXTERNAL_DOWNLOADS]: The
README.mdprovides installation instructions that involve cloning a repository from GitHub (github.com/Yuan1z0825/nature-skills.git). This is a documented installation step for the author's own code.
Audit Metadata