biorxiv-database
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- Data Exposure & Exfiltration (LOW): The documentation specifies making network requests to api.biorxiv.org and biorxiv.org to retrieve metadata and PDF files. These are legitimate scientific domains but are not on the trusted whitelist.
- Unverifiable Dependencies & Remote Code Execution (LOW): The Python usage examples reference an external library, biorxiv_search. No remote scripts are automatically downloaded or executed via piped shell commands.
- Indirect Prompt Injection (LOW): The skill processes untrusted metadata from an external API, creating a surface for indirect prompt injection.
  - Ingestion points: api.biorxiv.org responses containing preprint abstracts, titles, and author lists.
  - Boundary markers: The documentation does not specify the use of delimiters or 'ignore' instructions for the ingested data.
  - Capability inventory: Metadata extraction, keyword search, and PDF retrieval.
  - Sanitization: No mention of sanitization or escaping of the external API content is provided in the documentation.
Audit Metadata