bio-blast
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill communicates with the external NCBI BLAST service at blast.ncbi.nlm.nih.gov. While this is the intended primary function of the bioinformatics tool, the domain is not on the predefined trusted list.
- [DATA_EXFILTRATION] (LOW): The skill transmits biological sequence data provided via the
--sequenceor--fastaarguments to the NCBI servers for processing. Users should ensure they are not submitting proprietary or sensitive genomic data if they wish to remain private. - [COMMAND_EXECUTION] (SAFE): The provided Python scripts (
run_blast_biopython.py, etc.) utilize well-maintained and reputable libraries such asbiopythonandtyper. The code does not perform any unauthorized system commands or privilege escalation. - [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8). It retrieves data from an external, potentially attacker-influenced source (BLAST hits from NCBI) and returns this data in a structured format. If a downstream LLM processes the hit titles or descriptions without sanitization, it could be influenced by malicious content embedded in those strings.
- Ingestion points: Untrusted sequence data enters through the
--sequenceCLI argument or the contents of files specified by--fastainscripts/run_blast_biopython.py. - Boundary markers: Absent; sequence data and resulting BLAST hits are not enclosed in delimiters or accompanied by instructions to ignore embedded commands.
- Capability inventory: The script performs network requests to NCBI via
NCBIWWW.qblastand can write results to the local filesystem usingPath.write_textif an--outputpath is provided. - Sanitization: No sanitization is performed on the
titleoraccessionfields retrieved from NCBI before they are serialized into JSON output.
Audit Metadata