fetch-abstract-to-kb
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security vulnerabilities, malicious instructions, or data exfiltration patterns were identified. The skill performs its stated purpose using standard, secure methodologies.
- [COMMAND_EXECUTION]: The script `scripts/fetch_abstract_to_kb.py` performs database operations (SELECT and UPDATE) and reads local JSON files for data input. Database queries are constructed safely using `psycopg2.sql` for identifiers and parameters for data values, mitigating SQL injection risks.
- [EXTERNAL_DOWNLOADS]: The skill references the `psycopg2-binary` and `python-dotenv` packages. These are well-known, legitimate libraries for PostgreSQL connectivity and environment variable management.
- [CREDENTIALS_UNSAFE]: The skill requires database credentials provided via environment variables (`KB_DB_PASSWORD`, etc.). This is a standard practice for secure credential management; no hardcoded secrets or sensitive keys were found in the source code.
Audit Metadata