biopython
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it is designed to parse and process biological data files (e.g., FASTA, GenBank, PDB, BLAST XML) that may contain adversarial text in metadata or description fields. \n
- Ingestion points: Biological data enters the agent context via parsers such as
SeqIO.parse()(sequence_io.md),PDBParser.get_structure()(structure.md), andNCBIXML.read()(blast.md). \n - Boundary markers: The provided code patterns do not include delimiters or instructions to ignore potential commands embedded within biological record headers. \n
- Capability inventory: The skill allows for spawning local subprocesses via command-line wrappers, performing network requests to NCBI databases, and writing files to the local system. \n
- Sanitization: No explicit sanitization or validation of record headers or annotations is demonstrated in the examples before the content is presented to the agent context.\n- [COMMAND_EXECUTION]: The skill provides wrappers for executing local bioinformatics binaries on the system.\n
- Evidence: Documentation and examples show usage of
NcbiblastnCommandline(blast.md),ClustalOmegaCommandline, andMuscleCommandline(alignment.md) to run external software packages.\n- [EXTERNAL_DOWNLOADS]: The skill facilitates downloading sequences and publication data from official scientific databases.\n - Evidence: Programmatic access to NCBI services is provided through
Bio.Entrez(databases.md) andBio.Blast.NCBIWWW(blast.md), which connect to well-known domains (e.g., ncbi.nlm.nih.gov).
Audit Metadata