tooluniverse-disease-research
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill interacts with numerous well-known and reputable scientific and medical services, including PubMed, OpenTargets, ClinVar, Reactome, and ClinicalTrials.gov, to fetch research data. These sources are considered well-known technology and data providers in the scientific community.
- [COMMAND_EXECUTION]: The skill defines a research protocol that involves Python-based file system operations. Specifically, it uses the `open()` function to create and progressively update markdown report files on the local disk. These operations are directly tied to the primary purpose of the skill and do not target sensitive system directories.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted textual data retrieved from external scientific databases, such as abstracts from PubMed or descriptions from OpenAlex.
  - Ingestion points: Data enters the context through various tool calls documented in `SKILL.md`, such as `tu.tools.PubMed_search_articles` and `tu.tools.openalex_search_works`.
  - Boundary markers: The protocol does not specify the use of delimiters or instructions to ignore potential commands embedded within the retrieved scientific content.
  - Capability inventory: The skill has the capability to write and modify files in the local environment as described in the `SKILL.md` file-writing logic.
  - Sanitization: While the skill sanitizes filenames by lower-casing and replacing spaces, it does not apply specific sanitization to the content of the data retrieved from external sources before writing it to the research report.
Audit Metadata