uspto-database
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Category 8: Indirect Prompt Injection (SAFE): The skill processes data from external USPTO APIs, including patent abstracts and trademark descriptions. While these represent untrusted data sources, the skill possesses no dangerous capabilities (e.g., file-writing, subprocess execution, or code evaluation) that would allow an attacker to exploit this surface. Ingestion occurs in 'patent_search.py', 'peds_client.py', and 'trademark_client.py'.
- Category 4: External Downloads (SAFE): Dependencies identified are 'requests' and 'uspto-opendata-python'. Both are standard, well-known libraries for REST API interaction and USPTO data processing. These dependencies are consistent with the skill's stated purpose.
- Category 2: Data Exposure & Exfiltration (SAFE): Network operations are directed solely to official domains such as 'uspto.gov' and 'patentsview.org'. API keys are handled securely via environment variables or constructor arguments, avoiding hardcoded secrets.
Audit Metadata