patent-architect
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
Bashtool with a restricted scope, specifically allowingcurlto interact with search APIs. This is a functional requirement for the prior art search phase. - [EXTERNAL_DOWNLOADS]: The skill retrieves patent data and technical documentation from well-known services, including
serpapi.comandapi.exa.ai. These connections are documented and target reputable technology services. - [PROMPT_INJECTION]: The skill ingests untrusted data from external search results and web content, which represents an indirect prompt injection surface. This risk is managed by the skill's instructions to extract only specific technical metadata and its use of a rigid structural template for the final output.
- Ingestion points: Search results from SerpAPI, Exa.ai, and the
WebSearchtool (referenced inSKILL.md). - Boundary markers: The agent is instructed to follow the exact structure defined in
template.md. - Capability inventory: The skill uses
Bash(curl),Write,Edit, andWebSearchcapabilities. - Sanitization: Instructions explicitly mandate the extraction of discrete technical elements (such as publication numbers, claims, and technical solutions) rather than verbatim processing of external content.
Audit Metadata