fastfold-fold-job
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill exhibits a high-risk attack surface where data from the FastFold API (api.fastfold.ai) is used to influence agent behavior and perform file operations.
  - Ingestion points: API responses are ingested in scripts/download_cif.py, scripts/fetch_results.py, and scripts/wait_for_completion.py via the get_results function.
  - Boundary markers: There are no delimiters or instructions to ignore embedded commands when processing API JSON.
  - Capability inventory: The skill can perform network requests (requests.get/post) and write files to the local disk (scripts/download_cif.py).
  - Sanitization: No validation or sanitization is performed on API-provided data, such as cif_url or job_id, before use in side-effecting operations.
- External Downloads (HIGH): scripts/download_cif.py downloads content from URLs provided in the API response and writes them to the local filesystem. If the API is compromised or manipulated, it could be used to deliver malicious payloads or overwrite system files.
- Path Traversal (MEDIUM): In scripts/download_cif.py, the job_id argument is directly concatenated into a file path: os.path.join(args.dir, f"{args.job_id}.cif"). A malicious job ID containing ../ could allow writing files outside the intended directory.
- Unverifiable Dependencies (LOW): The scripts require the requests library. While a standard package, it is an external dependency that must be installed by the user and is not from a whitelisted trusted source.
Recommendations
- AI detected serious security threats
Audit Metadata