literature-search
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): Indirect Prompt Injection Surface.
- Ingestion points: The skill fetches full-text content and figures from external scientific databases (PubMed, arXiv, bioRxiv, medRxiv) via the Valyu API.
- Boundary markers: There are no explicit instructions or delimiters mentioned in the `SKILL.md` to prevent the agent from following instructions potentially hidden within retrieved research papers.
- Capability inventory: The skill provides a shell script (`scripts/search`) that executes Node.js code to fetch data. The resulting article content is then processed by the agent.
- Sanitization: The documentation does not specify any sanitization, filtering, or escaping of the external article content before it is presented to the agent's context.
Audit Metadata