medrxiv-search

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches medical preprint metadata from the official medRxiv API (api.medrxiv.org). This is a well-known service provided by Cold Spring Harbor Laboratory and is documented as a trusted source of biomedical literature.
  • [DATA_EXFILTRATION]: No sensitive data access or exfiltration patterns were detected. The tool processes only public research data and does not access environment variables, SSH keys, or other sensitive local files.
  • [COMMAND_EXECUTION]: The skill executes its own local CLI script via Bun as defined in the SKILL.md allowed-tools. There are no patterns of arbitrary command execution, privilege escalation, or shell injection.
  • [PROMPT_INJECTION]: The instructions in SKILL.md are strictly focused on the functional purpose of searching for medical preprints. There are no attempts to override agent behavior, bypass safety guidelines, or extract system prompts.
  • [REMOTE_CODE_EXECUTION]: The code uses standard package dependencies and performs HTTP requests using the built-in fetch API for data retrieval only. No remote code execution or dynamic evaluation of untrusted input was found.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 07:39 PM