uspto-database
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No malicious patterns or security vulnerabilities were detected in the provided files. The skill correctly implements API interactions using the standard
requestslibrary and the domain-specificuspto-opendata-pythonpackage. Credentials (API keys) are managed securely via environment variables or explicit parameters rather than being hardcoded.\n- [Indirect Prompt Injection] (SAFE): The skill possesses an ingestion surface for untrusted data from USPTO API responses (e.g., patent abstracts, titles, and office action text), but it lacks dangerous capabilities that would make this surface exploitable.\n - Ingestion points:
scripts/patent_search.py(lines 74-124) andscripts/peds_client.py(lines 52-124).\n - Boundary markers: Absent; data is returned as raw objects or simple formatted strings.\n
- Capability inventory: Limited to information retrieval and formatting. There are no subprocess calls, file-write operations, or network exfiltration paths associated with the processed data.\n
- Sanitization: Not implemented; the skill serves as a data provider, and safety relies on the consuming agent's input handling.
Audit Metadata