clinicaltrials-database
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill communicates with clinicaltrials.gov to fetch study details and search results. This is the primary function of the skill and targets a well-known scientific service.
- [COMMAND_EXECUTION]: The skill provides instructions and a helper script (scripts/query_clinicaltrials.py) to execute API queries via the command line and Python environment.
- [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection because it ingests external data from the ClinicalTrials.gov API.
  - Ingestion points: API response content retrieved in scripts/query_clinicaltrials.py and processed for display.
  - Boundary markers: Absent; data is handled as structured JSON but lacks specific delimiters to separate external content from system instructions.
  - Capability inventory: Includes network GET requests via the requests library and local file system writes for data export.
  - Sanitization: No filtering or sanitization of the remote API data is implemented before the information is presented to the user.
Audit Metadata