alphafold-database
Warn
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: In `SKILL.md`, the `download_proteome` function uses `subprocess.run(cmd, shell=True, check=True)` where the command string is constructed using f-strings from variables `taxonomy_id` and `output_dir`. This pattern is vulnerable to command injection if an agent populates these parameters with unsanitized input from a user prompt.
- [EXTERNAL_DOWNLOADS]: The skill fetches configuration and data from `alphafold.ebi.ac.uk` and `uniprot.org`, and accesses public datasets on Google Cloud Storage (`gs://public-datasets-deepmind-alphafold-v4`). These are well-known scientific and cloud services, and the references are consistent with the skill's purpose.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes external data from scientific APIs without explicit boundary markers.
  - Ingestion points: Data is ingested from REST API responses (AlphaFold/UniProt) and BigQuery metadata in `SKILL.md`.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded content are used in the provided Python examples.
  - Capability inventory: The skill can execute shell commands (`subprocess.run`), perform network requests (`requests`, `urllib`), and write to the file system.
  - Sanitization: The provided Python examples do not demonstrate validation or sanitization of external data before it is used in command execution or further processing.
Audit Metadata