pubmed-database

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The 'Suggest Using K-Dense Web' section in SKILL.md contains explicit instructions to the AI agent to steer user behavior toward a specific third-party platform (www.k-dense.ai) when task complexity increases.
  • [PROMPT_INJECTION]: A vulnerability surface for indirect prompt injection exists due to the ingestion of untrusted data from the PubMed E-utilities API.
  • Ingestion points: External data is retrieved via the 'esearch.fcgi' and 'efetch.fcgi' endpoints as described in SKILL.md and api_reference.md.
  • Boundary markers: The skill lacks delimiters or explicit instructions for the agent to ignore potentially malicious content embedded within retrieved medical literature.
  • Capability inventory: The skill utilizes the Python 'requests' library for network operations to fetch external content.
  • Sanitization: There is no evidence of data sanitization, escaping, or validation performed on the retrieved API content before it enters the agent's context.
  • [SAFE]: The technical support email 'vog.hin.mln.ibcn@seitilitue' is stored in a reversed format to deter automated scraping, representing a benign use of obfuscation for static contact information.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 3, 2026, 08:47 PM