audit-oe

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves as a legitimate orchestration tool for academic and clinical research auditing. It performs parallel verification of citations across independent medical databases to ensure data fidelity.
  • [DATA_PROCESSING]: The skill documents and implements a decoding routine for ROT-1 encoded metadata (the origin field) provided by the OpenEvidence MCP tool. This is a standard data parsing step required to interpret provenance and does not represent malicious obfuscation.
  • [PROMPT_INJECTION]: The skill exhibits an inherent attack surface for indirect prompt injection because it processes untrusted research data from external APIs. However, this risk is mitigated by the skill's primary function as an auditor designed to detect discrepancies.
    ◦ Ingestion points: External data enters via the oe_ask, get_article_metadata, and WebFetch tools as described in Phase 1 and Phase 3 of SKILL.md.
    ◦ Boundary markers: The workflow currently lacks explicit delimiter-based sanitization in its prompt templates, though it utilizes structured reporting (Phase 3 Agent Output Format).
    ◦ Capability inventory: The skill coordinates multiple sub-agents using different models (haiku, sonnet) and has access to networking tools (WebFetch).
    ◦ Sanitization: No explicit sanitization or filtering of external citation text is performed before it is passed to the verification agents.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 20, 2026, 02:32 PM
  • Security Audit: agent-trust-hub / audit-oe