pm-navigate-pages
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill fetches data from well-known scientific APIs provided by the National Center for Biotechnology Information (NCBI) at
ncbi.nlm.nih.gov. These are trusted sources for medical and biological research data. - [COMMAND_EXECUTION]: Uses
evaluate_scriptto perform asynchronous network requests and process JSON data within the browser environment. This is a standard implementation for skills requiring API interaction or web scraping. - [DATA_EXPOSURE]: Ingests search result metadata (titles, authors, journals) from external sources. While this presents a potential surface for indirect prompt injection if an attacker could control PubMed search results, the skill specifically extracts structured bibliographic fields, which significantly limits the risk of instruction override.
Audit Metadata