clinvar-database

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL
Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): File references/api_reference.md contains an installation command: sh -c "$(curl -fsSL ftp://ftp.ncbi.nlm.nih.gov/entrez/entrezdirect/install-edirect.sh)". This pattern downloads a script via an unencrypted FTP protocol and executes it immediately in a shell, providing a direct vector for arbitrary code execution.
  • [COMMAND_EXECUTION] (MEDIUM): The documentation provides multiple curl command examples for interacting with the ClinVar API. If an agent uses these examples to construct shell commands without strict sanitization, it could be vulnerable to command injection through malicious query parameters.
  • [PROMPT_INJECTION] (LOW): The skill is designed to ingest data from an external source (NCBI E-utilities), creating a surface for indirect prompt injection.
  • Ingestion points: API responses from esearch.fcgi, esummary.fcgi, and efetch.fcgi described in references/api_reference.md.
  • Boundary markers: None are specified in the documentation or provided code.
  • Capability inventory: The skill utilizes shell commands (curl) and Biopython's Entrez library to fetch and process external data.
  • Sanitization: No sanitization or validation logic is demonstrated in the provided reference materials.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 17, 2026, 06:21 PM