nature-literature-pipeline

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted data from external scholarly sources (such as arXiv, OpenAlex, and Crossref), which creates a surface for indirect prompt injection.
  • Ingestion points: Automated retrieval from academic APIs defined in SKILL.md and templates/literature-push-template.md.
  • Boundary markers: No explicit boundary markers or 'ignore embedded instructions' warnings are defined for the reading/summarization phase.
  • Capability inventory: The skill has access to send_message (for delivery to Feishu/Telegram), cronjob (for scheduling), and filesystem write access (for archival in references/note-template.md).
  • Sanitization: There is no evidence of sanitization or escaping of external content before it is processed by the agent.
  • [COMMAND_EXECUTION]: The skill uses persistence and describes automated file manipulation logic.
  • Persistence: The skill's primary function includes creating and managing automated tasks via the cronjob tool (references/cron-setup.md).
  • Automated Scripting: references/note-template.md provides a 'Bulk Standardization' logic pattern that instructs the agent to perform mass file system operations (read, regex-based modification, and renaming) on literature notes.
  • [EXTERNAL_DOWNLOADS]: The README.md provides installation instructions that involve cloning a repository from GitHub (github.com/Yuan1z0825/nature-skills.git). This is a documented installation step for the author's own code.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 02:18 AM
Security Audit — agent-trust-hub — nature-literature-pipeline