pdb
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [External Downloads] (LOW): The skill downloads protein structure files (PDB and mmCIF formats) from external domains (files.rcsb.org and rcsb.org). While these are reputable scientific sources, they are not on the predefined trusted list.
- [Command Execution] (LOW): The skill provides bash commands using
curlto write downloaded data directly to the local file system. There is no evidence of these files being executed, but it establishes a pattern of local file modification via network data. - [Indirect Prompt Injection] (LOW): This skill exhibits a vulnerability surface by ingesting external content from the RCSB API.
- Ingestion points: Python
requests.get()andBio.PDBparser read content from RCSB URLs. - Boundary markers: None present; the skill treats API responses as trusted data.
- Capability inventory: Uses
PDBIO.save()and standard filewrite()operations to save external data to disk. - Sanitization: None. The skill assumes the PDB source is formatted correctly and non-malicious.
Audit Metadata