openevidence
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill manages authentication via a
cookies.jsonfile, which it searches for in several predictable local paths (environment variable, current directory, skill directory, and home directory). This is a standard mechanism for CLI tools interacting with authenticated web services and is documented in the README with warnings not to commit the file. - [EXTERNAL_DOWNLOADS]: The script communicates with
www.openevidence.comfor its primary functionality andapi.crossref.orgfor bibliographic validation. It also facilitates downloading figure images from URLs provided by the OpenEvidence API. These operations are consistent with the skill's medical evidence retrieval purpose. - [INDIRECT_PROMPT_INJECTION]: The skill processes data from the OpenEvidence API, which is then returned to the agent. This creates a surface for indirect prompt injection if the external data contains malicious instructions.
- Ingestion points: Data is ingested via
scripts/oe.pythrough calls toget_json()andpost_json(). - Boundary markers: The script does not wrap the extracted text in specific delimiters or safety warnings for the agent.
- Capability inventory: The skill has the ability to write files to the local system (
save_artifacts) and perform network requests (urllib.request). - Sanitization: The script performs JSON parsing and uses regular expressions to extract specific text and figure components from the raw API response.
Audit Metadata