openalex
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script (openalex_fetch.py) to process search queries. The script is located using the find command within restricted paths (tools/ or ~/.claude/skills/), which is an expected operational pattern.
- [EXTERNAL_DOWNLOADS]: The skill utilizes the requests library, a well-known and trusted package for handling API requests.
- [SAFE]: API keys are managed using .env files and environment variables, following industry-standard security practices for secret management.
- [SAFE]: The skill ingests untrusted data from the OpenAlex API (paper titles and abstracts). Ingestion point: openalex_fetch.py output; Boundary markers: data is encapsulated in Markdown tables; Capability inventory: Bash, Read, Write; Sanitization: not explicitly implemented in instructions. This represents a standard surface for indirect prompt injection with negligible risk in this context.
Audit Metadata