tm-search
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Documentation suggests installing standard packages 'requests' and 'playwright' from official registries to support API interaction and web automation.
- [CREDENTIALS_UNSAFE]: The skill uses placeholders like 'YOUR_KEY_HERE' for API authentication and contains no hardcoded secrets.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. Details:
  - Ingestion points: USPTO trademark search results and user-provided text files (scripts/tm_search.py).
  - Boundary markers: No explicit boundary markers or 'ignore embedded instructions' warnings are present in the processing logic.
  - Capability inventory: Performs network requests via 'requests' and 'playwright', and writes results to local CSV files.
  - Sanitization: Implements basic string cleaning, including auto-uppercasing, whitespace stripping, and digit filtering for serial numbers.
- [COMMAND_EXECUTION]: The Python script includes standard CLI functionality for reading from and writing to the local filesystem, which is required for its batch processing and results-saving features.
Audit Metadata