openalex-database
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Data Exposure & Exfiltration (SAFE): The skill transmits a user-provided email to the OpenAlex API and performs network requests to retrieve metadata. These actions are essential for the primary research purpose of the skill and do not involve unauthorized access to sensitive system data.
- Indirect Prompt Injection (LOW): The skill ingests external data (academic paper metadata) from the OpenAlex API. While this creates a surface for indirect prompt injection, the risk is minimal as the skill lacks high-privilege execution capabilities like arbitrary shell command execution or unsafe deserialization.
  - Ingestion points: scripts/query_helpers.py (via API client requests) and references/common_queries.md (via direct DOI lookup requests).
  - Boundary markers: None present; the skill assumes trusted structured data from the academic API.
  - Capability inventory: Network operations via the requests library and local file writing for CSV exports.
  - Sanitization: No explicit sanitization or filtering of API-returned strings was observed in the provided code.
Audit Metadata