tooluniverse-clinical-trial-design
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes Python scripts (
python_implementation.pyandtrial_pipeline.py) that implement an automated analysis workflow. These scripts are safe and perform data aggregation from established APIs. - [EXTERNAL_DOWNLOADS]: The skill interacts with well-known biomedical and regulatory data services, including Open Targets, DrugBank, ClinicalTrials.gov, the FDA, and PubMed. These references are essential for the skill's primary research function.
- [CREDENTIALS_UNSAFE]: The skill uses a
.env.templatefile to guide users in setting up required API keys. This is a standard security best practice and does not contain any hardcoded or exposed secrets. - [INDIRECT_PROMPT_INJECTION]: The skill processes clinical and research data from external databases and incorporates it into a final report. While this constitutes a data ingestion surface, the risk of indirect prompt injection is minimal given the specialized nature of the data sources and the structured report output format.
- Ingestion points: Data from Open Targets, DrugBank, PubMed, and ClinicalTrials.gov.
- Boundary markers: Data is encapsulated within specific sections and markdown formatting in the generated report.
- Capability inventory: The skill performs read operations on external APIs and write operations to local markdown files.
- Sanitization: No explicit sanitization of strings from external APIs is performed, as the data is primarily intended for human-readable reports.
Audit Metadata