biorxiv-search
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides a CLI script (
scripts/search) to perform searches. This script invokes a Python backend that usesargparseandshlexfor safe command-line argument handling, avoiding dangerous shell interpolation or execution of arbitrary code. - [EXTERNAL_DOWNLOADS]: The skill communicates with the official bioRxiv API (
api.biorxiv.org) to fetch metadata. This is a well-known scientific service, and the network access is limited to the skill's primary function of preprint discovery. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted text data (abstracts and titles) from an external public source.
- Ingestion points: Preprint metadata (titles and abstracts) is fetched from
https://api.biorxiv.org/details/biorxivinscripts/search.py. - Boundary markers: The data is returned to the agent as structured JSON. However, there are no explicit delimiters or instructions in the output to treat retrieved text as untrusted or to ignore any embedded instructions.
- Capability inventory: The search script has network access (to bioRxiv) and writes to standard output, but it does not have the capability to execute shell commands, modify files, or spawn subprocesses beyond its own execution.
- Sanitization: The script performs basic whitespace normalization on the retrieved text but does not sanitize or escape content for potential prompt injection patterns.
- [SAFE]: The skill demonstrates good security practices for its use case, including bounded search intervals, pagination management, and version-aware result filtering.
Audit Metadata