sci-journals-hybrid-search
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
Categories: EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (MEDIUM): The skill is susceptible to Indirect Prompt Injection (Category 8).
  - Ingestion points: Untrusted journal data is retrieved from the sci_search endpoint and processed as the data array in SKILL.md.
  - Boundary markers: There are no instructions or delimiters provided to help the agent distinguish between its instructions and the retrieved journal content.
  - Capability inventory: The agent is instructed to 'Interpret response' and 'Troubleshoot' based on the API output, allowing malicious content in journals to influence the agent's reasoning.
  - Sanitization: No evidence of sanitization or filtering of external content before it is processed by the agent.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill relies on an external third-party Supabase project (qyyqlnwqwgvzxnccnbgm.supabase.co). While Supabase is a known provider, the specific project and the data it serves are unverified and outside the agent's direct control.
- DATA_EXFILTRATION (LOW): User-supplied queries, which may contain sensitive context or data, are sent to the external Supabase endpoint. While not a high-severity leak on its own, it represents data flow to a non-whitelisted third-party domain.
- COMMAND_EXECUTION (LOW): Documentation in SKILL.md and references/testing.md provides curl commands. While these are for manual testing/reference, they demonstrate how the agent or user might execute network-level operations to interface with the skill's backend.
Audit Metadata