clinical-trials-search
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill documentation instructs the agent to run `scripts/search setup <api-key>` after collecting a key from the user. Passing sensitive credentials as command-line arguments is a major security risk: they can be leaked through shell history files, system logs, and process monitoring tools like `ps` or `top`.
- [COMMAND_EXECUTION] (MEDIUM): The skill relies on local script execution for its core functionality. Specifically, the 'Script Path Resolution' section suggests using a complex `find` command to locate and execute scripts in a plugin cache. This makes it harder to audit the exact code being executed and could lead to execution of unexpected files if the directory structure is manipulated.
- [DATA_EXFILTRATION] (LOW): The skill transmits natural language queries and a user-provided API key to `https://api.valyu.ai/v1`. While this is documented as the intended behavior for the service, it constitutes an external data flow to a non-whitelisted third-party domain.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted external content from clinical trial databases.
  - Ingestion points: External data enters the context via the `results` array (specifically the `content` and `title` fields) from the Valyu API.
  - Boundary markers: Absent. There are no instructions to the agent to ignore or delimit embedded instructions within the trial data.
  - Capability inventory: The agent can execute the `scripts/search` Bash wrapper and the `scripts/search.mjs` Node.js script.
  - Sanitization: Absent. The documentation suggests piping output directly to `jq` or Python/TS SDKs without content filtering.
Recommendations
- AI detected serious security threats
Audit Metadata