openalex-database
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection (Category 8) due to the ingestion of untrusted data from the OpenAlex API which is then presented to the agent.
  - Ingestion points: `scripts/query_helpers.py` (via API requests) and `references/common_queries.md` (via `requests.get`).
  - Boundary markers: Absent in the provided code and documentation examples.
  - Capability inventory: The skill performs network requests and file-write operations (`quantum_papers.csv`).
  - Sanitization: No validation or escaping of API-returned strings is implemented before the data is processed or printed.
- [EXTERNAL_DOWNLOADS] (LOW): The skill performs network operations to external domains (OpenAlex API) that are not on the trusted sources list.
  - Evidence: Use of `requests.get` in `references/common_queries.md` and internal request helpers in `scripts/query_helpers.py`.
Audit Metadata