literature-search
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute local bash scripts (`scripts/search`) and Node.js files (`scripts/search.mjs`) for searching and setup. It also utilizes system utilities such as `find` to resolve script paths and `jq` to parse JSON results.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by ingesting untrusted data from external sources.
  - Ingestion points: Full-text scientific content retrieved from PubMed, arXiv, bioRxiv, and medRxiv via the `api.valyu.ai` endpoint.
  - Boundary markers: No delimiters or specific instructions to ignore embedded commands are used when processing the retrieved article content.
  - Capability inventory: The agent has the capability to execute shell commands and local scripts (`scripts/search`) as part of the skill's workflow.
  - Sanitization: There is no documented evidence of sanitization, filtering, or validation performed on the external content before it is processed by the agent.
Audit Metadata