clinical-trials-search
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected in the skill instructions or provided code snippets.
- [COMMAND_EXECUTION]: The skill executes local scripts (scripts/search and scripts/search.mjs) to interface with the Valyu API.
- It uses a dynamic path resolution method (find) to locate the execution script within the local plugin cache.
- [EXTERNAL_DOWNLOADS]: The skill performs legitimate network operations to api.valyu.ai to fetch clinical trial data and refers users to platform.valyu.ai for API key management.
- [CREDENTIALS_UNSAFE]: The skill includes a setup procedure for users to provide their Valyu API key via a CLI command (scripts/search setup <api-key>). This is a standard mechanism for API-reliant tools and does not involve hardcoded secrets.
- [INDIRECT_PROMPT_INJECTION]: The skill processes clinical trial data from an external source (ClinicalTrials.gov via Valyu).
- Ingestion points: Data is ingested through the results array in the JSON response from scripts/search (specifically the content field).
- Boundary markers: The output is structured as JSON, which provides clear boundaries between data fields.
- Capability inventory: The skill can execute local scripts and perform network requests to the designated API endpoint.
- Sanitization: Results are returned in a structured JSON format to be parsed by the agent or tools like jq.
Audit Metadata