clinicaltrials-database
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTIONSAFE
Full Analysis
- [Data Exposure & Exfiltration] (LOW): The script initiates network connections to
clinicaltrials.gov. Although this domain is not on the predefined trusted list, it is the official government endpoint for clinical trial data. No sensitive local files are accessed or transmitted. - [Prompt Injection] (LOW): The script presents an indirect prompt injection surface by ingesting external data that may eventually be processed by an AI agent.
- Ingestion points:
scripts/query_clinicaltrials.py(API responses retrieved viarequests.get) - Boundary markers: Absent; the script returns raw data structures (dictionaries and lists) to the caller.
- Capability inventory: Low; the script possesses no capabilities for file system modification, command execution, or dynamic code evaluation.
- Sanitization: Absent; the script extracts and returns text fields (e.g.,
officialTitle,briefSummary) without sanitizing them for potential prompt injection markers.
Audit Metadata