parallel-literature-search
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is vulnerable to indirect prompt injection because it ingests untrusted data from external sources and processes it through a synthesis agent.
- Ingestion points: Search results from PubMed (abstracts) and the web (via Perplexity) are retrieved and fed into the synthesis agent's context.
- Boundary markers: The skill documentation does not specify the use of clear delimiters or 'ignore' instructions to prevent the model from following commands hidden within retrieved search results.
- Capability inventory: The skill is primarily focused on text synthesis and report generation; it does not appear to expose high-risk tools such as shell access or file-system modifications to the untrusted input.
- Sanitization: There is no evidence of sanitization or filtering of the retrieved external content before it is interpolated into the synthesis prompt.
Audit Metadata