biopython
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes complex biological data from external files and remote databases, which introduces a surface for indirect prompt injection.
- Ingestion points: Uses Bio.SeqIO.parse in references/sequence-io.md, Bio.Entrez.read in references/databases.md, and Bio.Blast.NCBIXML.read in references/blast.md to ingest external sequence data and search results.
- Boundary markers: Code examples do not demonstrate the use of delimiters or instructions to ignore embedded commands within processed data.
- Capability inventory: The skill can execute local binaries via subprocess wrappers (e.g., NcbiblastnCommandline in references/blast.md) and perform file system operations (e.g., SeqIO.write in references/sequence-io.md).
- Sanitization: Relies on standard Biopython library parsers without additional sanitization for potentially malicious content within sequences or metadata fields.
- [COMMAND_EXECUTION]: The skill uses command-line wrappers to execute local bioinformatics binaries.
- Evidence: Wrappers like NcbiblastnCommandline, ClustalOmegaCommandline, and MuscleCommandline in references/blast.md and references/alignment.md are used to run external tools such as BLAST+, Clustal Omega, and MUSCLE.
- [EXTERNAL_DOWNLOADS]: The skill interacts with well-known biological databases and search services.
- Evidence: Facilitates network requests to official NCBI (National Center for Biotechnology Information) endpoints using Bio.Entrez and Bio.Blast.NCBIWWW to retrieve records and perform remote searches.
Audit Metadata