pubmed-metaanalysis
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
EXTERNAL_DOWNLOADS, PROMPT_INJECTION, NO_CODE
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill instructs the agent to make network requests to eutils.ncbi.nlm.nih.gov to retrieve research data. While this domain is not on the internal whitelist, it is a trusted US government resource for scientific data.
- [PROMPT_INJECTION] (LOW): Category 8 (Indirect Prompt Injection) risk exists as the skill fetches external content (PubMed abstracts). Evidence: 1. Ingestion Point: NCBI API calls in SKILL.md; 2. Boundary Markers: Absent; 3. Capability Inventory: Retrieve, parse, and format text for output; 4. Sanitization: Absent. The severity is LOW as the capability is limited to internal reasoning and display without side effects.
- [NO_CODE] (INFO): The skill consists of instructional markdown only and contains no executable scripts, binaries, or code blocks intended for direct execution.