parallel-search
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill possesses a significant attack surface for tool output poisoning.
  - Ingestion points: Untrusted data enters the agent context through search_literature, fetch_article_details, and find_related_articles, which retrieve content from the external PubMed database (SKILL.md).
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands within the fetched literature content are defined in the workflow.
  - Capability inventory: The agent has the capability to save data to a database or file via save_reference_mcp and save_reference, and uses the retrieved data to make iterative search decisions (SKILL.md).
  - Sanitization: There is no evidence of sanitization or filtering for the clinical descriptions or literature metadata before they are processed by the agent.
- Data Exposure & Exfiltration (LOW): While the skill performs network operations to fetch literature, these are limited to the PubMed MCP tool scope. No access to sensitive local files or environment variables was detected.
Audit Metadata