openalex-database
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests untrusted data from the OpenAlex API.
  - Ingestion points: Data enters via _make_request and search_works in scripts/query_helpers.py.
  - Boundary markers: Absent; API results are returned directly to the agent.
  - Capability inventory: Network requests via requests.get and file writing via csv.writer in references/common_queries.md.
  - Sanitization: Absent.
- [EXTERNAL_DOWNLOADS] (LOW): The skill performs network operations to api.openalex.org. While this is the intended primary purpose, it involves an external domain not on the trusted whitelist.
Audit Metadata