biorxiv-search
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local bash and Node.js scripts to perform semantic searches and set up the environment. It provides a shell command to dynamically locate the script path in the plugin cache.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it fetches and processes full-text research content from bioRxiv preprints. Malicious instructions embedded in a preprint could potentially influence the agent's behavior.
  * Ingestion points: Full-text article content and figures retrieved from the Valyu bioRxiv API.
  * Boundary markers: None identified.
  * Capability inventory: Execution of local search scripts.
  * Sanitization: No explicit sanitization of research data is performed.
- [CREDENTIALS_UNSAFE]: The API key configuration flow involves passing the user-provided key as a command-line argument, which may expose it in process lists or shell history.
Audit Metadata