patents-search
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local shell scripts (
scripts/search) and a Node.js CLI tool (scripts/search.mjs) to perform patent searches and manage API configuration. It also includes a command to dynamically locate the script path within the user's environment.- [EXTERNAL_DOWNLOADS]: The documentation references the use of external SDKs (valyufor Python andvalyu-jsfor Node.js) and makes direct API calls tohttps://api.valyu.aito retrieve patent data.- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by retrieving and processing external patent data (titles, claims, and descriptions) from the Valyu API. If the retrieved data contained malicious instructions, it could potentially influence the agent's behavior. - Ingestion points: Patent content retrieved from
api.valyu.aiviascripts/search. - Boundary markers: None specified in the documentation.
- Capability inventory: Local script execution via
scripts/searchand file path resolution usingfind. - Sanitization: No explicit sanitization or filtering of API response content is mentioned.
Audit Metadata