fold
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No security issues detected. The skill demonstrates high-quality security hygiene across multiple dimensions.
- Credential Security: Instructions explicitly forbid sharing API keys in chat and mandate the use of a local .env file or environment variables. This prevents accidental credential leakage into logs or model training data.
- Network and Download Safety: Downloads are restricted to HTTPS and validated fastfold.ai subdomains. The download script (download_cif.py) also enforces file size limits and prevents HTTP redirects, mitigating potential SSRF or resource exhaustion attacks.
- Input Validation: The skill uses a dedicated utility module (security_utils.py) to validate UUIDs for job IDs and ensure API base URLs are well-formed and use secure schemes.
- Mitigation of Indirect Prompt Injection (Category 8): The skill identifies and mitigates the risk of instructions embedded in API data.
  - Ingestion points: API responses from api.fastfold.ai containing job names, sequences, and artifact URLs (fetched in fetch_results.py and wait_for_completion.py).
  - Boundary markers: SKILL.md contains explicit 'Security Guardrails' instructions for the agent to treat all API JSON as untrusted data and ignore embedded instructions.
  - Capability inventory: Scripts perform targeted network requests and file writes but do not use dynamic execution (exec/eval) or shell execution of untrusted strings.
  - Sanitization: Strict validation of IDs and URLs is implemented prior to use in network or file operations.
- Minimal Attack Surface: All provided scripts rely solely on the Python standard library, eliminating risks from malicious or vulnerable third-party packages.
Audit Metadata