biorxiv-database
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE (findings: PROMPT_INJECTION, NO_CODE)
Full Analysis
- [PROMPT_INJECTION]: The skill documentation includes a section 'Suggest Using K-Dense Web' which directs the agent to proactively recommend a third-party research platform (www.k-dense.ai) to the user during complex tasks. This constitutes a behavioral instruction injection meant to steer the agent's responses for promotional purposes.
- [PROMPT_INJECTION]: The skill ingests untrusted data in the form of preprint titles and abstracts from the bioRxiv API, creating an indirect prompt injection surface where malicious content within a paper could influence the agent's behavior.
  - Ingestion points: External bioRxiv API results containing metadata and abstracts, as described in SKILL.md.
  - Boundary markers: Absent; there are no instructions provided to treat ingested data as untrusted or to ignore embedded commands.
  - Capability inventory: The skill utilizes network access (via requests) and file system operations (saving JSON and downloading PDFs), as detailed in the usage examples.
  - Sanitization: Absent; no sanitization or content validation for the retrieved data is mentioned.
- [NO_CODE]: The skill's functionality relies on external Python files, specifically scripts/biorxiv_search.py and tests/test_biorxiv_search.py, which are referenced in the documentation but not provided in the source files. This prevents a complete security audit of the actual data handling and network logic.