bindcraft
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Categories: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (MEDIUM): The skill directs the agent to download and execute code from an untrusted GitHub repository. Although this is the primary mechanism for the tool's operation, the repository owner (martinpacesa) is not a verified trusted organization, and the clone command pins no commit, so what the agent runs depends on the repository's contents at fetch time. Severity is adjusted to MEDIUM per the primary purpose rule. Evidence: `git clone https://github.com/martinpacesa/BindCraft.git` followed by `python bindcraft.py` in SKILL.md.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill fetches code and requirements from an unverified external source. Evidence: `https://github.com/martinpacesa/BindCraft.git` and `pip install -r requirements.txt`.
- [COMMAND_EXECUTION] (MEDIUM): The skill executes local Python scripts and cloud-based Modal commands that rely on external content. Evidence: `modal run modal_bindcraft.py` and `python bindcraft.py`.
- [PROMPT_INJECTION] (LOW): The skill ingests structural data from user-provided PDB files without sanitization, creating an attack surface for indirect prompt injection if the agent processes the file contents.
  1. Ingestion points: `target.pdb` in SKILL.md.
  2. Boundary markers: Absent.
  3. Capability inventory: Local Python and cloud Modal execution.
  4. Sanitization: Not documented.
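The findings above follow one pattern: commands in SKILL.md fetch code from a remote source, run it, and hand it user-supplied data files. The script below is an added example, not Gen Agent Trust Hub's scanner and not BindCraft code; it reproduces that reasoning on a constructed SKILL.md excerpt that echoes the commands quoted as evidence. The `--target` flag and the placeholder commit hash are invented for illustration, and the fenced-block extraction, rule set and category names are this example's own assumptions about how such a check would be written.

```python
"""Flag download-and-execute instructions in an agent skill's SKILL.md.

Added example, not the Gen Agent Trust Hub scanner and not BindCraft code.
Shell commands inside fenced code blocks are extracted, then each is checked
for fetching code from a remote source, running a script after an unpinned
fetch, and passing user-supplied data files to that script.
"""
import re
from dataclasses import dataclass

# Constructed excerpt echoing the commands the audit quotes as evidence.
# The --target flag is invented; this is not the skill's real SKILL.md.
SAMPLE_SKILL_MD = """# BindCraft skill

Install and run the binder design pipeline:

~~~bash
git clone https://github.com/martinpacesa/BindCraft.git
cd BindCraft
pip install -r requirements.txt
python bindcraft.py --target target.pdb
~~~

Or run the same pipeline on Modal:

~~~bash
modal run modal_bindcraft.py --target target.pdb
~~~
"""


@dataclass
class Finding:
    category: str
    line_no: int
    evidence: str
    note: str


FENCE = re.compile(r"^\s*(?:`{3,}|~{3,})")
GIT_CLONE = re.compile(r"\bgit\s+clone\b.*?(https?://\S+|git@\S+)")
GIT_CHECKOUT_SHA = re.compile(r"\bgit\s+checkout\s+[0-9a-f]{40}\b")  # full hash = immutable pin
PIP_INSTALL = re.compile(r"\bpip3?\s+install\b")
RUN_SCRIPT = re.compile(r"^(?:python3?|modal\s+run)\s+(\S+\.py)\b")
DATA_FILE = re.compile(r"(\S+\.(?:pdb|fasta))\b")  # structure/sequence inputs the agent may read


def extract_commands(markdown: str) -> list[tuple[int, str]]:
    """Return (line_no, command) for non-comment lines inside fenced code blocks."""
    commands, in_fence = [], False
    for line_no, line in enumerate(markdown.splitlines(), start=1):
        if FENCE.match(line):
            in_fence = not in_fence
            continue
        text = line.strip().lstrip("$ ")
        if in_fence and text and not text.startswith("#"):
            commands.append((line_no, text))
    return commands


def audit(markdown: str) -> list[Finding]:
    """Classify each command with the audit's categories."""
    commands = extract_commands(markdown)
    findings = []
    unpinned_fetch = False  # set once code arrives from a source that is not pinned
    for idx, (line_no, cmd) in enumerate(commands):
        if GIT_CLONE.search(cmd):
            # A clone counts as pinned only if a later command checks out a full commit hash.
            pinned = any(GIT_CHECKOUT_SHA.search(later) for _, later in commands[idx + 1:])
            unpinned_fetch |= not pinned
            findings.append(Finding("EXTERNAL_DOWNLOADS", line_no, cmd,
                                    "clone pinned to a commit" if pinned
                                    else "clone follows the branch tip, not pinned"))
        elif PIP_INSTALL.search(cmd):
            hashed = "--require-hashes" in cmd
            unpinned_fetch |= not hashed
            findings.append(Finding("EXTERNAL_DOWNLOADS", line_no, cmd,
                                    "hash-pinned install" if hashed
                                    else "install without --require-hashes"))
        elif (m := RUN_SCRIPT.match(cmd)):
            findings.append(Finding("COMMAND_EXECUTION", line_no, cmd, f"runs {m.group(1)}"))
            if unpinned_fetch:
                findings.append(Finding("REMOTE_CODE_EXECUTION", line_no, cmd,
                                        "script comes from an unpinned remote fetch"))
            for data in DATA_FILE.findall(cmd):
                findings.append(Finding("PROMPT_INJECTION", line_no, cmd,
                                        f"ingests {data} without a boundary marker"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


# Same excerpt with the clone pinned and the install hash-checked; the 40-zero
# hash is a placeholder, not a real BindCraft commit.
HARDENED_SKILL_MD = SAMPLE_SKILL_MD.replace(
    "cd BindCraft", "cd BindCraft\ngit checkout " + "0" * 40
).replace("pip install -r", "pip install --require-hashes -r")

if __name__ == "__main__":
    for f in audit(SAMPLE_SKILL_MD):
        print(f"{f.category:22} L{f.line_no}: {f.evidence}  ({f.note})")
    print(summarize(audit(HARDENED_SKILL_MD)))
```

On the sample excerpt the scanner reports the same four categories as the audit; on the hardened variant the REMOTE_CODE_EXECUTION findings disappear because the scripts now come from a commit-pinned clone and a hash-checked install, while COMMAND_EXECUTION and the PDB ingestion points remain, which is what a reviewer should expect: pinning fixes provenance, not the fact that the agent still executes code and reads untrusted files.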
Audit Metadata