patent-risk-checker
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the 'Bash' tool to execute the `patent_risk_checker.py` script. The script takes JSON-formatted arguments to perform its analysis, which is the intended functionality of the skill.
- [EXTERNAL_DOWNLOADS]: The skill references standard, well-known Python packages including `matplotlib`, `numpy`, `Pillow`, and `adjustText` for its visualization features. These are standard dependencies for data science and plotting tasks.
- [CREDENTIALS_UNSAFE]: The skill correctly manages sensitive credentials by requiring them to be provided via environment variables (`NEXSCOPE_API_KEY`, `NEXSCOPE_PROXY_BASE`) rather than hardcoding them in the source code.
- [DATA_EXFILTRATION]: Network operations are restricted to the vendor-provided API proxy (`NEXSCOPE_PROXY_BASE`) for the purpose of querying the patent database. No evidence of unauthorized data transmission to third-party domains was found.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user data such as image URLs and product descriptions. While this presents an attack surface where a user might attempt to inject malicious content, the script uses robust JSON parsing (`json.loads`) and standard API interactions that mitigate the risk of instructions being executed as code.
  - Ingestion points: User-provided `imageUrl`, `productTitle`, and `productDescription` in `SKILL.md`.
  - Boundary markers: The skill documentation suggests wrapping JSON arguments in single quotes for shell execution.
  - Capability inventory: The skill has access to the `Bash`, `Read`, and `Write` tools.
  - Sanitization: Inputs are parsed as JSON objects within the Python environment, preventing raw string interpolation from triggering unintended logic.
Audit Metadata