cosmic-database
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface (Category 8).
  - Ingestion points: scripts/download_cosmic.py downloads data from external COSMIC servers.
  - Boundary markers: Absent; data is processed directly by the agent or subsequent scripts.
  - Capability inventory: File system write access (scripts/download_cosmic.py) and network read operations.
  - Sanitization: Absent; the skill relies on the integrity of the remote database.
- [CREDENTIALS_UNSAFE] (LOW): The scripts/download_cosmic.py script allows account passwords to be passed via CLI arguments, which may leak secrets into shell history or system process listings.
- [EXTERNAL_DOWNLOADS] (SAFE): Downloads are restricted to the official COSMIC domain (cancer.sanger.ac.uk), which is a trustworthy and reputable source for scientific research data.
Audit Metadata