kegg-database
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The script makes HTTP GET requests to https://rest.kegg.jp using urllib.request in all API wrapper functions. While this is the core functionality of the skill, the domain is not in the predefined trusted list.
- PROMPT_INJECTION (LOW): This skill exposes a surface for indirect prompt injection (Category 8).
  1. Ingestion points: Untrusted data is ingested from KEGG API responses throughout scripts/kegg_api.py.
  2. Boundary markers: No delimiters or instructions are used to separate API data from agent instructions.
  3. Capability inventory: The skill performs network GET operations but does not have file-write or subprocess execution capabilities.
  4. Sanitization: No sanitization or filtering is performed on the raw text returned by the API before it is passed back to the agent.

  Maliciously crafted biological data in the KEGG database could theoretically influence the agent's behavior.
Audit Metadata