foldseek
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION] (LOW): The skill provides an example of using `curl` to upload a structural file (`query.pdb`) to `https://search.foldseek.com/api/ticket`. While this is the official API for the tool, it involves sending potentially proprietary research data to a non-whitelisted external domain.
- [COMMAND_EXECUTION] (SAFE): The Python implementation uses `subprocess.run` with a list of arguments rather than a shell string. This is a secure practice that prevents shell injection even if input parameters are untrusted.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill recommends installing software via `conda` from the `bioconda` and `conda-forge` channels. These are highly reputable and standard repositories within the scientific computing community.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8).
  - Ingestion points: Processes external `query.pdb` files provided by the user or found in the environment.
  - Boundary markers: None specified for the input data or the resulting CSV output.
  - Capability inventory: Execution of the `foldseek` binary and reading resultant tabular data into `pandas` for further processing.
  - Sanitization: No sanitization of the PDB content or the tool's output is performed before it is presented back to the agent.
Audit Metadata