Skills
NYC
skills/drshailesh88/integrated_content_os/kegg-database/Gen Agent Trust Hub

kegg-database

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOWDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION] (LOW): The script performs network requests to an external domain (rest.kegg.jp) that is not included in the trusted whitelist. While this is necessary for the skill's functionality, it represents an external data endpoint.
  • Evidence: KEGG_BASE_URL = "https://rest.kegg.jp" is used in all API interaction functions via urllib.request.urlopen.
  • [PROMPT_INJECTION] (INFO): The skill is susceptible to Indirect Prompt Injection (Category 8) because it retrieves and returns raw data from an external API to the agent.
  • Ingestion points: Functions kegg_info, kegg_list, kegg_find, kegg_get, kegg_conv, kegg_link, and kegg_ddi in scripts/kegg_api.py ingest data from the KEGG REST API.
  • Boundary markers: Absent. The raw response text is returned directly to the agent.
  • Capability inventory: The skill is limited to read-only network operations; it does not possess file-writing, command execution, or system modification capabilities.
  • Sanitization: No sanitization or validation is performed on the data retrieved from the API before it is passed to the agent.
Audit Metadata
Risk Level
LOW
Analyzed
Feb 16, 2026, 03:33 AM