fulltext-retrieval

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads research papers and metadata from established academic and government repositories including NCBI (PMC), Europe PMC, Unpaywall, OpenAlex, and Crossref. These are well-known, reputable sources in the scientific community.
  • [COMMAND_EXECUTION]: The provided Python scripts are intended for command-line execution by the agent. fetch_oa.py uses only Python standard libraries to perform HTTP requests and file operations. pdf_to_md.py uses the well-known pymupdf4llm library for PDF processing.
  • [DATA_EXPOSURE_EXFILTRATION]: The skill requires a contact email to comply with the 'polite' usage policies of academic APIs (Unpaywall/Crossref). This is standard practice for research tools and is transparently requested from the user.
  • [INDIRECT_PROMPT_INJECTION]: The skill has a data ingestion surface as it processes external DOI lists and PDF content.
      • Ingestion points: fetch_oa.py reads DOI lists; pdf_to_md.py processes downloaded PDF files.
      • Boundary markers: Not explicitly defined in the processing scripts.
      • Capability inventory: The skill possesses network read access and local file write access.
      • Sanitization: PDF conversion extracts text layer data; DOI inputs are validated via regex patterns.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 06:26 AM
Security Audit — agent-trust-hub — fulltext-retrieval