worldcat-search-api
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes external data from library records, which represents a potential surface for indirect prompt injection.
  - Ingestion points: Bibliographic metadata (e.g., titles, authors) retrieved from the WorldCat Search API in SKILL.md.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are included in the example implementation.
  - Capability inventory: The skill utilizes the 'requests' library for network operations.
  - Sanitization: The implementation parses structured JSON but does not perform content-level sanitization on strings returned by the API.
- [EXTERNAL_DOWNLOADS]: The skill interacts with official OCLC infrastructure (worldcat.org and oclc.org) to fetch bibliographic records and authentication tokens.