ensembl-database
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- Unverifiable Dependencies (LOW): The skill requires the installation of the 'ensembl_rest' Python package. While not on the list of trusted external sources, this package is necessary for the skill's primary purpose of querying genomic data, which allows for a downgrade in severity from MEDIUM to LOW.
- Data Exfiltration (LOW): The skill performs network operations to 'rest.ensembl.org' and 'grch37.rest.ensembl.org'. These are non-whitelisted domains, but communication is limited to biological data retrieval necessary for the skill's operation.
- Indirect Prompt Injection (LOW): The skill ingests data from an external API, creating a surface for potential instruction injection. Evidence: 1. Ingestion points: Ensembl REST API responses (json, fasta). 2. Boundary markers: Absent in the provided Python examples. 3. Capability inventory: Network requests via requests and ensembl_rest. 4. Sanitization: No evidence of input/output sanitization in the documentation.
Audit Metadata