bio-geo-data
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill possesses a significant attack surface by ingesting external content from NCBI and having file-writing capabilities.
  * Ingestion points: Data is ingested via `Entrez.read` (multiple locations) and `GEOparse.get_GEO` (line 211).
  * Boundary markers: None are present to distinguish between instructions and data.
  * Capability inventory: The skill can write files to the local system using `urllib.request.urlretrieve` (line 247) and shell commands like `wget` (line 233).
  * Sanitization: There is no evidence of sanitization or filtering of the external data before it enters the agent's context.
- Unverifiable Dependencies (MEDIUM): The skill documentation recommends installing `biopython` and `GEOparse` via pip. These are external packages from public repositories that are not within the explicitly trusted provider scope.
- External Downloads (MEDIUM): The skill is designed to perform network operations to `ncbi.nlm.nih.gov` and `ftp.ncbi.nlm.nih.gov` to retrieve biological datasets and metadata.
- Command Execution (LOW): The skill includes bash snippets for using `wget` to download data, which involves interacting with the system shell.
Recommendations
- AI detected serious security threats
Audit Metadata