fetch-meta-to-kb
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches journal article metadata from Crossref's official API (api.crossref.org), which is a well-known and trusted service in the scholarly community.
- [COMMAND_EXECUTION]: Executes a local Python script, fetch_meta_to_kb.py, to process and ingest data. The script's logic is transparent and limited to the stated purpose.
- [SAFE]: Database credentials and configuration are securely managed through environment variables (e.g., KB_DB_PASSWORD), avoiding the risk of hardcoded secrets.
- [SAFE]: The skill uses psycopg2's parameterized query methods (execute_values) to perform database inserts, which is an industry-standard defense against SQL injection.
- [SAFE]: Data processed from external sources (such as article titles and abstracts) is handled as content for storage and is not interpreted as executable code or prompt instructions.