medical-research
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches biomedical research papers and metadata from the official PubMed/NCBI database, which is a well-known and trusted scientific service.
- [COMMAND_EXECUTION]: Executes a local Python script
pubmed_search.pyusing a subprocess to query the PubMed API. This is the primary intended function of the skill for data retrieval. - [PROMPT_INJECTION]: The skill processes untrusted content (titles and abstracts) retrieved from an external source, which presents a surface for indirect prompt injection.
- Ingestion points: Data is ingested from the PubMed API through the
pubmed_search.pyscript and then analyzed by the agent. - Boundary markers: Absent. The skill instructions do not specify the use of delimiters or 'ignore' instructions for the retrieved external text.
- Capability inventory: The agent has the capability to execute the local Python search script and write markdown summary files to the working directory.
- Sanitization: Absent. There is no explicit requirement in the instructions for the agent to sanitize or validate the content of the retrieved abstracts for malicious patterns.
Audit Metadata