agentic-paper-digest-skill
Fetches and summarizes recent research papers from arXiv and Hugging Face, providing JSON outputs for further analysis.
Install this skill
or
57/100
Security score
The agentic-paper-digest-skill skill was audited on May 20, 2026 and we found 11 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 55
Curl to non-GitHub URL
SourceSKILL.md
| 55 | curl -X POST http://127.0.0.1:8000/api/run |
medium line 56
Curl to non-GitHub URL
SourceSKILL.md
| 56 | curl http://127.0.0.1:8000/api/status |
medium line 57
Curl to non-GitHub URL
SourceSKILL.md
| 57 | curl http://127.0.0.1:8000/api/papers |
medium line 72
Access to .env file
SourceSKILL.md
| 72 | Config files live in `PROJECT_DIR/config`. Environment variables can be set in the shell or via a `.env` file. The wrappers here auto-load `.env` from `PROJECT_DIR` (override with `ENV_FILE=/path/to/. |
medium line 74
Access to .env file
SourceSKILL.md
| 74 | **Environment (.env or exported vars)** |
medium line 111
Access to .env file
SourceSKILL.md
| 111 | 5. **Create or verify `.env`**: |
medium line 112
Access to .env file
SourceSKILL.md
| 112 | - If `.env` is missing, create it from `.env.example` (in the repo), then ask the user to fill keys and any requested preferences. |
medium line 134
Access to .env file
SourceSKILL.md
| 134 | - Empty results: increase `WINDOW_HOURS` or verify the API key in `.env`. |
low line 55
External URL reference
SourceSKILL.md
| 55 | curl -X POST http://127.0.0.1:8000/api/run |
low line 56
External URL reference
SourceSKILL.md
| 56 | curl http://127.0.0.1:8000/api/status |
low line 57
External URL reference
SourceSKILL.md
| 57 | curl http://127.0.0.1:8000/api/papers |
Scanned on May 20, 2026
View Security Dashboard