cosmic-database
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes genomic data files from external sources, which provides a surface for indirect prompt injection attacks.
  - Ingestion points: Untrusted data is downloaded via scripts/download_cosmic.py and read into the agent context using pandas.read_csv and pysam.VariantFile as shown in SKILL.md.
  - Boundary markers: Absent. The documentation and scripts do not implement delimiters or instructions to disregard potential commands embedded within the genomic data files.
  - Capability inventory: The skill possesses file-writing capabilities in scripts/download_cosmic.py (line 103). It does not include high-risk capabilities like subprocess execution or dynamic code evaluation (eval/exec).
  - Sanitization: Absent. No sanitization or validation logic is applied to the contents of the downloaded data files before they are processed by the agent.
- [SAFE] (SAFE): No malicious code or exfiltration patterns were detected. All network communication is restricted to the legitimate COSMIC database domain at cancer.sanger.ac.uk. Credential handling is standard for a command-line research utility.
Audit Metadata