clinvar-database
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The file references/api_reference.md contains a command pattern (curl piped to sh) that downloads and executes code from a remote server without verification. Evidence: sh -c "$(curl -fsSL ftp://ftp.ncbi.nlm.nih.gov/entrez/entrezdirect/install-edirect.sh)" in the Entrez Direct installation section.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill documentation references and provides examples of downloading data and tools from ncbi.nlm.nih.gov. While the source is a government institution, it is not on the defined trusted-source list, and the method of execution is unsafe.
- [COMMAND_EXECUTION] (MEDIUM): Multiple examples provided in references/api_reference.md encourage the direct execution of shell commands like curl, esearch, and efetch with parameters that could be manipulated if instructions are extracted from external data.
- [PROMPT_INJECTION] (LOW): The skill is designed to ingest and process user-submitted data from ClinVar, creating a surface for indirect prompt injection.
  1. Ingestion points: references/api_reference.md (E-utilities API calls).
  2. Boundary markers: Absent.
  3. Capability inventory: Shell access (curl) and Python.
  4. Sanitization: Absent.
Recommendations
- AI detected serious security threats
Audit Metadata