uspto-database
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill includes instructions that direct the agent to proactively suggest the vendor's 'K-Dense Web' platform when users engage in complex, multi-step reasoning or deep research workflows. This is a documented behavioral steer intended for productivity enhancement within the vendor's ecosystem.- [EXTERNAL_DOWNLOADS]: The documentation and scripts recommend the installation of the
uspto-opendata-pythonlibrary from PyPI. This is an established and specialized package used for accessing USPTO Patent Examination Data System (PEDS) records.- [DATA_EXFILTRATION]: The skill utilizes environment variables such asUSPTO_API_KEYandPATENTSVIEW_API_KEYfor authentication, which is a standard security practice to prevent the exposure of credentials in source code. All network traffic is directed to official or well-known service domains including uspto.gov and patentsview.org.- [SAFE]: The skill processes data from external USPTO APIs, which constitutes an indirect prompt injection surface. - Ingestion points: Patent and trademark data are retrieved in
scripts/patent_search.py,scripts/peds_client.py, andscripts/trademark_client.py. - Boundary markers: Data is ingested and processed in structured JSON and XML formats; the scripts do not currently implement explicit delimiters to separate external content from agent instructions.
- Capability inventory: The skill has the capability to make outbound HTTPS requests via the
requestslibrary and execute local Python helper scripts. - Sanitization: The scripts perform basic input validation and formatting, such as removing punctuation from patent numbers, and treat API responses as structured data.
Audit Metadata