clinical-trial-protocol-skill

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill contains an inherent vulnerability to Indirect Prompt Injection.
    • Ingestion points: references/00-initialize-intervention.md allows users to provide 'rich initial context' (e.g., technical specs, research data) and 'Custom Protocol Templates' (.md files).
    • Boundary markers: There are no explicit instructions or delimiters to isolate this user-provided content from the agent's instructions.
    • Capability inventory: The skill uses the cat command and writes to the local filesystem (waypoints/).
    • Sanitization: No sanitization or validation of the input file content is mentioned.
  • COMMAND_EXECUTION (MEDIUM): In references/05-concatenate-protocol.md, the skill explicitly instructs the agent to use the cat shell command to merge files. While this is a common utility, using cat via a shell environment to combine multiple files into a new one can be exploited if the file names or paths are manipulated.
  • EXTERNAL_DOWNLOADS (MEDIUM): The README.md and references/00-initialize-intervention.md mention dependencies on a 'ClinicalTrials.gov MCP Server' and 'WebSearch' for FDA documents. These introduce external data that the agent must process, further expanding the indirect prompt injection surface.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 12:53 AM