clinicaltrials-database

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • Data Exposure & Exfiltration (LOW): The script performs network requests to 'clinicaltrials.gov'. While this domain is a legitimate government resource and central to the script's primary purpose, it is not included in the predefined whitelist of trusted domains.
  • Indirect Prompt Injection (LOW): The skill ingests untrusted data from an external API and processes it for output to the agent. This represents a potential attack surface where instructions embedded in clinical trial descriptions could attempt to influence agent behavior.
    • Ingestion points: JSON responses from the search_studies and get_study_details functions.
    • Boundary markers: No delimiters or 'ignore instructions' warnings are used when processing the API response.
    • Capability inventory: The script is limited to network GET operations and data extraction; it lacks file-write or command execution capabilities.
    • Sanitization: Data is extracted into dictionaries without sanitization or filtering of potential injection strings.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 04:58 PM