doe-osti
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill interacts exclusively with official U.S. government domains (osti.gov) to retrieve public research data. All network operations are directed at these verified endpoints.
- [SAFE]: No authentication or credentials are required for the OSTI public search API, eliminating the risk of credential exposure or hardcoded secrets.
- [SAFE]: The provided code implementations (Bash with curl/jq and Python with urllib/json) use standard libraries and tools. There are no external dependencies, unverifiable packages, or risky execution patterns like 'eval' or piped remote scripts.
- [SAFE]: The skill includes instructions for proper data handling, such as stripping HTML tags from API responses (title and description fields) before displaying them to the user, which serves as a basic form of output sanitization.
- [SAFE]: No evidence of prompt injection, obfuscation, or persistence mechanisms was found in the skill definitions or accompanying reference files.
Audit Metadata