pubmed-database

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill interacts exclusively with the official NCBI PubMed E-utilities REST API (eutils.ncbi.nlm.nih.gov), a trusted, well-known service for medical research.
  • [SAFE]: Implements responsible API usage through exponential backoff (retries on 429/5xx) and intentional delays (rateDelay) to respect NCBI rate limits.
  • [SAFE]: Input handling is secured using the 'zod' library for schema validation and 'encodeURIComponent' for URL parameters, preventing common injection vectors.
  • [SAFE]: No hardcoded credentials or sensitive data access detected; the skill utilizes the public E-utilities API which allows unauthenticated access for research purposes.
  • [SAFE]: Indirect Prompt Injection Risk Assessment: The skill ingests data from PubMed abstracts and metadata. While this represents an untrusted data surface (Category 8), the skill handles this as standard data retrieval for medical information, with no evidence of dangerous downstream capabilities or lack of sanitization that would elevate the risk beyond baseline expectations for a search tool.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 07:35 PM