nlm-index
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection vulnerability surface detected. The skill is designed to ingest large amounts of untrusted data from documentation sites, GitHub repositories, and YouTube transcripts which could contain hidden malicious instructions.
  - Ingestion points: External URLs via `webfetch`, GitHub repository trees via `gh api`, and YouTube transcripts.
  - Boundary markers: Absent. There are no instructions to the agent to treat fetched content as data only or to ignore embedded instructions.
  - Capability inventory: Includes network access (`webfetch`), repository metadata access (`gh api`), and the ability to query the indexed data (`notebook_query`).
  - Sanitization: No evidence of sanitization or filtering of the external content before it is processed or uploaded.
- [COMMAND_EXECUTION] (LOW): The skill instructs the agent to use the GitHub CLI (`gh`). While this is the intended functionality, it introduces a potential command injection vector if the agent does not properly sanitize the repository string provided by a user.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill performs network operations to fetch data from common documentation sites and GitHub. These are considered standard and trustworthy sources for the stated purpose of the skill.
Audit Metadata