gene-database
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill ingests data from NCBI APIs across all its scripts. Evidence:
  1. Ingestion points: scripts/query_gene.py, scripts/fetch_gene_data.py, and scripts/batch_gene_lookup.py.
  2. Boundary markers: Not used in command-line output.
  3. Capability inventory: Scripts only perform data retrieval and display; no dangerous execution capabilities (eval, exec, or subprocess) are present.
  4. Sanitization: Output is structured but not sanitized for prompt injection, though the source is a reputable scientific database.
- Data Exposure & Exfiltration (SAFE): Network requests are made to legitimate NCBI domains (ncbi.nlm.nih.gov) necessary for gene data retrieval. No sensitive local file access or exfiltration patterns were observed.
- Credentials Unsafe (SAFE): API keys are handled via command-line arguments and headers without hardcoded secrets.