openalex
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes academic data from OpenAlex, which creates a surface for indirect prompt injection. This is addressed by specific guardrail instructions for the agent.
- Ingestion points: File `SKILL.md` identifies that functions like `openalex_find_works` return payload text.
- Boundary markers: The skill documentation explicitly warns the agent to treat retrieved text as untrusted and ignore embedded instructions.
- Capability inventory: SQL queries and embedding requests are performed via `curl` in `SKILL.md`.
- Sanitization: Input validation is mandated for all entity IDs using regular expressions.
- [SAFE]: All external communications target the vendor's own API infrastructure (`api.exopriors.com`), which is standard behavior for the skill's purpose.
Audit Metadata