Oathe Security Badge

Is Chinelytra/academic-citation-audit-skill safe?

https://github.com/Chinelytra/academic-citation-audit-skill

Overall score: 92 (SAFE)

This academic citation audit skill appears legitimate and safe, providing comprehensive tools for verifying manuscript references, detecting fabricated citations, and ensuring bibliographic accuracy. The functionality matches its description with no evidence of malicious intent.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (3)

LOW System Process Canary Access -15

Multiple sensitive files (.env, SSH keys, AWS credentials) were accessed during the audit period, but analysis indicates these accesses were from system processes (sudo, sshd, tcpdump) during audit setup rather than the skill itself.

LOW Executable Python Scripts -10

The skill contains executable Python code for document processing and CrossRef API queries. Code review shows legitimate academic functionality with no malicious behavior.

INFO External API References -5

Skill instructions reference the CrossRef API and web search verification as part of a legitimate citation-checking workflow.