skills/wu-yc/labclaw/pubmed-search/Gen Agent Trust Hub

pubmed-search

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE · PROMPT_INJECTION · COMMAND_EXECUTION · EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted content from external PubMed articles.
      • Ingestion points: PubMed search results (titles, URLs, and full article content) are retrieved from the Valyu API and presented to the agent.
      • Boundary markers: No delimiters or explicit instructions to ignore embedded commands within search results were found.
      • Capability inventory: The skill has the capability to execute local bash and Node.js scripts (scripts/search).
      • Sanitization: There is no evidence of sanitization or filtering of the retrieved literature content before it is processed by the agent.
  • [COMMAND_EXECUTION]: The skill uses a filesystem search command to dynamically resolve paths to its own components.
      • Evidence: It executes find ~/.claude/plugins/cache -name "search" ... to identify the location of the search script within the agent's plugin cache.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to an external API to fetch biomedical research data.
      • Evidence: Connects to api.valyu.ai/v1 using Node.js fetch to retrieve PubMed content and metadata.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 15, 2026, 04:33 AM