physics-skills
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill contains examples of shell commands for running scientific simulations (Quantum ESPRESSO) and performing bibliographic searches via the NASA ADS API using
curl. These are standard usage examples for the documented tools. - [EXTERNAL_DOWNLOADS]: The skill facilitates data retrieval from established and trusted scientific data providers including NASA ADS, SIMBAD, VizieR, and SDSS. These operations are essential for the primary research purpose of the skill.
- [DATA_EXFILTRATION]: No unauthorized data exfiltration patterns were identified. The skill follows security best practices by recommending the use of environment variables (
ADS_API_TOKEN) for handling API authentication. - [PROMPT_INJECTION]: The skill manages a surface for indirect prompt injection by processing external data formats (FITS, ROOT, and API responses).
- Ingestion points:
fits.openandTable.readinastrophysics-data-guide/SKILL.md,uproot.openinparticle-physics-guide/SKILL.md, and JSON responses from NASA ADS API. - Boundary markers: None present in the demonstration snippets.
- Capability inventory: Subprocess calls for scientific binaries, local file writing (via
catredirection), and network requests to scientific databases. - Sanitization: Not explicitly implemented in the provided code examples.
Audit Metadata