biorxiv-database
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches preprint metadata and PDFs from bioRxiv's official API and website.
  - Evidence: Requests are made to api.biorxiv.org and www.biorxiv.org in scripts/biorxiv_search.py.
  - Note: These are well-known services for the life sciences community.
- [PROMPT_INJECTION]: The skill processes untrusted text from external sources, making it susceptible to indirect prompt injection.
  - Ingestion points: Preprint titles and abstracts are retrieved via the BioRxivSearcher class in scripts/biorxiv_search.py.
  - Boundary markers: The skill does not use delimiters or warnings to isolate retrieved content from the agent's instructions.
  - Capability inventory: The skill can write search results and PDFs to the file system using the --output and --download-pdf flags across multiple Python methods.
  - Sanitization: No validation or sanitization of the retrieved text is performed before it is output to the user or agent context.
- [COMMAND_EXECUTION]: The Python script writes data to file paths provided as command-line arguments without validation.
  - Evidence: In scripts/biorxiv_search.py, args.output and args.download_pdf are passed directly to the open() function for writing.
  - Impact: This could allow an agent to be manipulated into overwriting files if sensitive paths (e.g., shell profiles or configuration files) are provided by the model or user.
Audit Metadata