fastpaper
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on a pre-installed standalone CLI utility called "fastpaper" to search, download, and extract text from academic papers. This tool is executed via shell commands within the agent's environment.- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it ingests and processes full-text data from numerous external academic sources (such as arXiv, PubMed, and Semantic Scholar) as well as local PDF files.
- Ingestion points: Data is pulled into the agent's context through "fastpaper read" and "fastpaper get" operations targeting remote URLs or local files.
- Boundary markers: The provided instructions do not include markers or delimiters to help the agent distinguish between its instructions and the content of the academic papers.
- Capability inventory: The agent utilizing this skill may have additional capabilities (such as file writes or shell access) that could be exploited if malicious instructions are encountered in a processed document.
- Sanitization: There is no mention of content sanitization or instruction-filtering for the retrieved academic text.
Audit Metadata