etetoolkit
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The scripts require the
ete3Python library. While a standard tool in bioinformatics, it is an external dependency not found in the trusted repository list provided in the instructions. - [PROMPT_INJECTION] (LOW): The skill possesses an indirect prompt injection surface because it processes untrusted Newick-format tree files which may contain malicious instructions in node or leaf labels.
- Ingestion points: Files are loaded via
ete3.Treeinscripts/quick_visualize.pyandscripts/tree_operations.py. - Boundary markers: Absent; there are no delimiters or warnings to separate processed tree data from the agent's instruction context.
- Capability inventory: The scripts can perform file writes (
tree.write,tree.render) and output content to the console, providing a potential path for data manipulation if an agent follows instructions embedded in tree data. - Sanitization: No validation, escaping, or sanitization of tree labels or metadata is performed before the data is processed or output.
- [DATA_EXFILTRATION] (SAFE): No unauthorized network activity or access to hardcoded sensitive files was detected. File operations are performed on paths specified by user arguments for intended functionality.
- [COMMAND_EXECUTION] (SAFE): The scripts use
argparsewith strict type casting (e.g.,intfor dimensions) and do not utilize dangerous functions likeeval()oros.system()to process inputs.
Audit Metadata