biomedical-search
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE] (LOW): The skill prompts the agent to collect a Valyu API key and pass it as a command-line argument ('scripts/search setup '). This can result in the key being stored in shell history or visible in process lists on the host machine.
- [COMMAND_EXECUTION] (LOW): The documentation suggests a shell-based path resolution strategy ('find ~/.claude/plugins/cache ...') to locate and execute the script. Executing paths dynamically resolved from the filesystem carries risks if the directory structure is manipulated by other processes.
- [DATA_EXFILTRATION] (LOW): The skill transmits search queries to 'https://api.valyu.ai'. While this is the intended purpose, it involves sending user-provided natural language queries to a non-whitelisted third-party domain.
- [PROMPT_INJECTION] (LOW): The skill serves as a vector for indirect prompt injection as it retrieves 'Full-Text Access' from external databases like PubMed and bioRxiv.
- Ingestion points: External biomedical data (content field) enters the agent context via 'scripts/search'.
- Boundary markers: Absent; the skill does not suggest using delimiters or specific 'ignore instructions' warnings when processing search results.
- Capability inventory: The skill uses subprocess calls to run 'scripts/search' and 'jq' for data extraction.
- Sanitization: No sanitization of the retrieved content is mentioned before it is returned to the agent.
Audit Metadata