uspto-database
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: A comprehensive analysis of the skill instructions and code snippets revealed no malicious patterns or security vulnerabilities.
- [DATA_EXFILTRATION]: The skill utilizes the
requestslibrary to perform network operations againstsearch.patentsview.org, an established and relevant service for patent research. These operations are consistent with the skill's primary purpose. - [CREDENTIALS_UNSAFE]: The skill explicitly instructs users to handle API keys using environment variables (
USPTO_API_KEY,PATENTSVIEW_API_KEY), which is a secure practice that avoids hardcoding secrets in code or configuration files. - [PROMPT_INJECTION]: The skill ingests data from external USPTO API responses. Although this represents a surface for indirect prompt injection (Category 8), the risk is minimal as the skill targets reputable official databases and does not contain dangerous execution capabilities that could be leveraged by malicious data.
Audit Metadata