openalex-database
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure] (SAFE): The skill identifies the user via an email address for the OpenAlex 'polite pool' API. This is a standard requirement for the service to ensure responsible usage and is not a credential exfiltration risk.
- [Indirect Prompt Injection] (LOW): The skill processes academic metadata such as paper titles and abstracts which are externally authored. Ingestion points: 'scripts/query_helpers.py' via 'client._make_request'. Boundary markers: Absent. Capability inventory: 'requests.get' for citation lookups and 'csv.writer' for data export in 'references/common_queries.md'. Sanitization: Absent. This risk is inherent to tools that aggregate external web or research data and is considered acceptable within the primary use case.
Audit Metadata