medrxiv-search
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- DATA_EXFILTRATION (LOW): The skill makes network requests to 'api.medrxiv.org' and 'www.medrxiv.org'. While these are legitimate domains for the skill's stated purpose, they are not on the trusted external sources whitelist.
- PROMPT_INJECTION (MEDIUM): The skill creates a surface for indirect prompt injection.
  1. Ingestion points: Untrusted external data is ingested from api.medrxiv.org (paper titles, abstracts, author names).
  2. Boundary markers: Absent; the skill does not wrap the untrusted output in delimiters or warn the agent to ignore instructions within the data.
  3. Capability inventory: The skill can execute local scripts (scripts/search) and perform further network requests via fetch().
  4. Sanitization: Absent; there is no evidence that the external content is sanitized before being presented to the agent.
- COMMAND_EXECUTION (LOW): The skill executes a bash command involving 'find' to locate its own script path in the '~/.claude' directory. While intended for path resolution, any script executing shell commands and accessing user directories requires oversight.
Audit Metadata