pubmed-search
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE COMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill relies on local shell script execution (`scripts/search`). It includes instructions for the agent to use `find` to resolve its own script paths in the plugin cache, which is a functional requirement but involves executing shell commands.
- INDIRECT_PROMPT_INJECTION (LOW): The skill processes untrusted data from an external source (PubMed).
  - Ingestion points: PubMed search results including article titles and full-text content are ingested into the agent context via the search tool output.
  - Boundary markers: Absent. There are no clear delimiters or instructions provided to the agent to ignore potential malicious instructions embedded within the medical literature.
  - Capability inventory: The agent has the capability to execute local shell scripts (`scripts/search`).
  - Sanitization: Absent. The documentation does not specify any sanitization or escaping of the content returned from the API before it is processed by the agent.
- CREDENTIALS_UNSAFE (LOW): The setup flow requires the user to provide an API key which is then passed as a command-line argument to `scripts/search setup <api-key>`. While not a hardcoded secret, this practice can expose sensitive tokens in process lists or shell history.
Audit Metadata