uspto-database
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [CREDENTIALS_UNSAFE] (SAFE): The implementation correctly uses environment variables (`USPTO_API_KEY`) to handle sensitive API keys. There are no hardcoded credentials or secrets in the codebase.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill utilizes legitimate third-party libraries such as `requests` and `uspto-opendata-python`. These are standard and appropriate for the intended purpose of communicating with patent data services.
- [DATA_EXFILTRATION] (SAFE): Network communication is restricted to authorized USPTO endpoints (`tsdrapi.uspto.gov`, `assignment-api.uspto.gov`) and the PatentsView research API (`search.patentsview.org`). No suspicious data routing was identified.
- [COMMAND_EXECUTION] (SAFE): The scripts do not use `os.system`, `subprocess`, or `eval` with untrusted input. Execution is limited to standard API requests and data parsing.
- [INDIRECT_PROMPT_INJECTION] (SAFE): While the skill ingests external data from the USPTO (such as patent abstracts), which represents a potential injection surface if passed to an LLM, the scripts themselves do not execute this content and serve only as data retrieval tools.
Audit Metadata