gene-database
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill possesses an attack surface where untrusted data from external sources is processed by the agent.
  1. Ingestion points: Data is retrieved from NCBI E-utilities and Datasets APIs (ncbi.nlm.nih.gov) via query_gene.py and fetch_gene_data.py.
  2. Boundary markers: No explicit delimiters or instructions to ignore embedded content are defined in the scripts or documentation.
  3. Capability inventory: The skill uses Python scripts to perform network requests and write results to local files (e.g., results.json).
  4. Sanitization: No explicit sanitization or validation of the API response content is documented.