medrxiv-search
Warn
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: MEDIUM
Flags: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructs the user to set up their authentication by running `scripts/search setup <api-key>`. Passing secrets as command-line arguments is a security risk, as the key can be logged in the shell history (e.g., `.bash_history`) or viewed by other users on the system via process monitoring tools like `ps` or `top`.
- [COMMAND_EXECUTION]: The skill executes local shell scripts and Node.js files (`scripts/search`, `scripts/search.mjs`) to perform its core functions. It also uses a complex `find` command to resolve its own path in the plugin cache, which involves executing shell commands with user-provided parameters like query strings.
- [EXTERNAL_DOWNLOADS]: The skill makes outbound network requests to the Valyu API (`https://api.valyu.ai/v1/search`) to retrieve search results. While this is its intended purpose, it represents external communication to a non-standard service.
- [PROMPT_INJECTION]: The skill processes untrusted external data from medRxiv search results.
  - Ingestion points: Data enters the context via the `results` array (specifically the `content` and `title` fields) from the Valyu API response.
  - Boundary markers: None identified in the prompt documentation to separate search results from agent instructions.
  - Capability inventory: The skill has the capability to execute shell commands and Node.js scripts via the `scripts/search` entry point.
  - Sanitization: There is no evidence of sanitization or filtering of the content retrieved from the external database before it is returned to the agent.
Audit Metadata