biomedical-search
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local bash and Node.js scripts (
scripts/search,scripts/search.mjs) to facilitate search queries and handle API setup. These scripts are invoked with user-provided queries and are part of the skill's core functionality. - [EXTERNAL_DOWNLOADS]: The skill interacts with
api.valyu.aito retrieve search results. It also directs users toplatform.valyu.aifor API keys anddocs.valyu.aifor documentation. These are trusted resources belonging to the Valyu service provider. - [PROMPT_INJECTION]: The skill processes external biomedical data (titles, full-text content, and URLs) from databases like PubMed and ClinicalTrials.gov. While this presents a surface for indirect prompt injection, it is a standard risk for any search-based skill and is handled within the scope of its primary purpose.
- [CREDENTIALS_UNSAFE]: The skill uses a secure flow for handling authentication by prompting the user to provide an API key at runtime rather than using hardcoded secrets. This key is then passed to a local setup script.
Audit Metadata