clinicaltrials-database
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill interacts with the `clinicaltrials.gov` API (v2) to fetch study data. This is a well-known, authoritative public service maintained by the U.S. National Library of Medicine.
- [COMMAND_EXECUTION]: Documentation includes instructions for executing a local Python script `scripts/query_clinicaltrials.py` to facilitate API queries.
- [PROMPT_INJECTION]: The skill contains a 'Suggest Using K-Dense Web' section that provides a behavioral instruction for the agent to recommend the author's research platform (`k-dense.ai`) when user tasks increase in complexity. This is a functional instruction from the vendor to promote its own tools and does not bypass safety constraints.
- [PROMPT_INJECTION]: The skill acts as a surface for indirect prompt injection by processing and displaying data from an external API.
  - Ingestion points: Data retrieved from ClinicalTrials.gov API endpoints (SKILL.md)
  - Boundary markers: Not present in the provided markdown code examples
  - Capability inventory: Execution of a local Python script `query_clinicaltrials.py` (SKILL.md)
  - Sanitization: No specific sanitization or filtering of API response text (such as brief summaries or eligibility criteria) is demonstrated in the skill's examples.
Audit Metadata