openalex
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the
openalexCLI tool to perform academic searches and metadata lookups. It executes shell commands with parameters derived from user input, such as titles, IDs, and DOIs. - [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
openalex-skillpackage from the NPM registry as part of the initial setup. - [EXTERNAL_DOWNLOADS]: The
openalex works downloadcommand fetches PDF files from external URLs and landing pages associated with academic records. - [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it processes and displays academic metadata (titles, abstracts, author names) retrieved from the OpenAlex API. Maliciously crafted metadata in the database could attempt to influence agent behavior.
- Ingestion points: Search results and entity metadata retrieved from the OpenAlex API via the
openalexCLI. - Boundary markers: None present; API results are displayed directly in the output format.
- Capability inventory: Subprocess execution (
openalexCLI) and file system writes (PDF downloads). - Sanitization: No specific sanitization or instruction-ignoring delimiters are mentioned for the external data ingested.
Audit Metadata