Skills
skills/robthepcguy/claude-patent-creator/prior-art-search/Gen Agent Trust Hub

prior-art-search

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill processes untrusted external data retrieved from patent databases, which could contain adversarial instructions intended to influence the agent's analysis.
  • Ingestion points: Patent abstracts, titles, and claims retrieved from Google BigQuery and the USPTO API (Steps 3, 5, and 6).
  • Boundary markers: Absent; the methodology does not specify the use of delimiters or 'ignore' instructions when processing external patent text.
  • Capability inventory: Use of Bash for command execution, Write for file creation, and Read for data ingestion.
  • Sanitization: No explicit sanitization or escaping of external patent content is mentioned before it is passed to the LLM for the Step 7 Patentability Report.
  • Command Execution (LOW): The skill uses the Bash tool to execute Python search scripts. While the provided snippets demonstrate intended use for database queries, runtime shell execution is a capability that requires monitoring to prevent command injection if query parameters are not properly handled.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 05:55 PM