pubmed-database
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of retrieving and processing content from external research databases.
- Ingestion points: Untrusted data enters the agent context through the PubMed E-utilities API (e.g., https://eutils.ncbi.nlm.nih.gov/entrez/eutils/efetch.fcgi), which returns article abstracts, titles, and metadata.
- Boundary markers: The provided Python examples and search strategies lack explicit delimiters or instructions to ignore potential instructions embedded within the retrieved biomedical literature.
- Capability inventory: The skill demonstrates capabilities for performing network requests using the requests library to fetch data based on user queries (SKILL.md).
- Sanitization: No sanitization or validation logic is present in the examples to filter out or escape potentially malicious instructions embedded in the API responses.
Audit Metadata