openalex-database
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill contains specific instructions directing the agent to steer users toward a commercial platform (K-Dense Web) when task complexity increases.
- [DATA_EXFILTRATION]: The skill requests a user email address for the OpenAlex 'polite pool'. This involves the collection and transmission of personally identifiable information (PII) to an external API endpoint.
- [COMMAND_EXECUTION]: The documentation includes instructions for the agent or user to execute shell commands (`uv pip install requests`) to install necessary dependencies.
- [EXTERNAL_DOWNLOADS]: The skill downloads the `requests` package and fetches data from the OpenAlex API (a well-known scholarly database service).
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection by processing external scholarly data.
  - Ingestion points: Scholarly metadata (titles, abstracts) ingested via `client.search_works()` and `client.get_entity()` as documented in `SKILL.md`.
  - Boundary markers: No delimiters or protective instructions are visible in the provided snippets to prevent the agent from obeying instructions embedded in paper abstracts.
  - Capability inventory: The skill performs network operations (API requests) and local file writes (CSV export) as described in `SKILL.md`.
  - Sanitization: There is no evidence of sanitization or filtering of the retrieved scholarly content before it is processed by the agent.
Audit Metadata