pubmed-database
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONNO_CODE
Full Analysis
- Data Exposure & Exfiltration (LOW): The documentation specifies network operations to an external domain (eutils.ncbi.nlm.nih.gov) that is not included in the whitelist of trusted domains for network activity.
- Indirect Prompt Injection (LOW): The skill enables an agent to fetch untrusted external publication data from PubMed, which could contain malicious instructions designed to influence the agent's behavior. 1. Ingestion points: api_reference.md (detailing EFetch and ESummary endpoints). 2. Boundary markers: Absent in the documentation. 3. Capability inventory: External network requests via GET and POST to the NCBI API. 4. Sanitization: The reference does not describe any sanitization or validation of the retrieved data.
- No Code (SAFE): The skill consists exclusively of markdown documentation and does not contain any executable scripts or binary files.
Audit Metadata