Skills
skills/wu-yc/labclaw/open-targets-search/Gen Agent Trust Hub

open-targets-search

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The documentation instructs the agent to use the find command to locate the script path within the local file system and execute the scripts/search bash wrapper.
  • [DATA_EXFILTRATION]: The skill communicates with an external API at api.valyu.ai. While this is the primary functionality of the skill, it involves sending user queries and an API key to a non-whitelisted third-party domain.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it retrieves and processes unstructured content from external search results.
  • Ingestion points: The results[].content and results[].title fields from the Valyu API response are ingested into the agent context.
  • Boundary markers: No delimiters or protective instructions are specified to prevent the agent from following commands embedded in the search results.
  • Capability inventory: The agent has the capability to execute local scripts (scripts/search) and make network calls via fetch.
  • Sanitization: There is no evidence of sanitization or validation of the content returned from the external API.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 03:46 AM