pdb-database
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): The skill downloads coordinate files and structural data from official RCSB PDB repositories (files.rcsb.org and data.rcsb.org), which are trusted scientific sources.
- REMOTE_CODE_EXECUTION (LOW): The skill installs the external package 'rcsb-api' (github.com/rcsb/py-rcsb-api). While the rcsb organization is not on the specific trusted list, it is a globally recognized scientific body, and the package is essential for the skill's primary function.
- DATA_EXFILTRATION (SAFE): Network and file system activity is limited to downloading and storing biological structure files for analysis. No sensitive system or user data access was detected.
- PROMPT_INJECTION (LOW): The skill is subject to indirect prompt injection (Category 8) risks from untrusted structural metadata. Evidence chain:
  1. Ingestion points: 'fetch' and 'TextQuery' functions in SKILL.md.
  2. Boundary markers: Absent.
  3. Capability inventory: Network access to RCSB and local file writing for coordinate data.
  4. Sanitization: Absent.

  The risk is considered low due to the scientific nature of the data source.
Audit Metadata