clinical-trial-protocol-skill
Fail
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: CRITICAL (COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [EXTERNAL_DOWNLOADS]: Automated security scanners identified a blacklisted malicious URL (manderson.org) within the asset file assets/FDA-Clinical-Protocol-Template.md. The domain is known for phishing and malicious activity, and its presence in a clinical research tool is a significant security risk.
- [COMMAND_EXECUTION]: In references/04-protocol-operations.md, the skill executes a local Python script using shell commands that interpolate user-provided numerical parameters directly into the argument string without sanitization. This pattern enables arbitrary command injection if an attacker provides crafted strings.
- [PROMPT_INJECTION]: The skill's architecture for ingesting 'initial_context' documentation lacks security boundaries or sanitization.
  1. Ingestion Points: references/00-initialize-intervention.md (initial documentation) and references/02-protocol-foundation.md (custom user templates).
  2. Boundary markers: Absent.
  3. Capability Inventory: Shell command execution for file concatenation and local script execution.
  4. Sanitization: Absent.
Recommendations
- AI detected serious security threats
- Contains 2 malicious URL(s) - DO NOT USE
Audit Metadata