gget
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (INFO): The scripts rely on the gget library to perform network requests to external biological databases (e.g., NCBI for BLAST, Ensembl for gene info, and ARCHS4 for expression data). These are standard operations for bioinformatics tools.
- [PROMPT_INJECTION] (LOW): Category 8: Indirect Prompt Injection surface. The skill ingests untrusted data from FASTA files (read_fasta in batch_sequence_analysis.py) and gene lists (read_gene_list in enrichment_pipeline.py).
  - Ingestion points: FASTA headers and sequence IDs, CSV columns containing gene names.
  - Boundary markers: None. Data is parsed directly into Python dictionaries and dataframes.
  - Capability inventory: File system writes (to_csv, f.write), network operations (via gget API calls).
  - Sanitization: Standard biological format parsing is performed, but no specific sanitization against prompt-injection-style strings (e.g., instructions hidden in FASTA headers) is present. If the agent later processes the resulting CSV or FASTA outputs, it could be influenced by malicious strings within those files.