tooluniverse-clinical-trial-design
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from external medical research databases, which creates a potential surface for indirect prompt injection.
- Ingestion points: Untrusted data enters the agent context via research tools such as
PubMed_search_articlesandsearch_clinical_trialsas implemented inpython_implementation.pyandtrial_pipeline.py. - Boundary markers: The instructions lack explicit delimiters or 'ignore' warnings to prevent the agent from following potential instructions embedded in retrieved abstracts or trial descriptions.
- Capability inventory: The skill is capable of reading from multiple external APIs and writing markdown reports to the local file system.
- Sanitization: There is no evidence of content sanitization or validation performed on data retrieved from external sources before it is analyzed by the agent.
Audit Metadata