uniprot-database
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill performs HTTP GET and POST requests to "rest.uniprot.org", which is the official endpoint for the UniProt database. This behavior is consistent with the skill's stated purpose of retrieving bioinformatics data.
- [DATA_EXFILTRATION] (SAFE): No sensitive local data access or unauthorized exfiltration of user credentials was detected. All network traffic is directed toward legitimate UniProt services.
- [COMMAND_EXECUTION] (SAFE): No use of "subprocess", "os.system", "eval", or "exec" was found. The Python script uses the standard "requests" library for API interactions.
- [INDIRECT_PROMPT_INJECTION] (SAFE): The skill ingests data from an external API (UniProt). While this introduces a surface where poisoned external data could influence an agent's downstream behavior, the risk is inherent to the bioinformatics use case and no specific malicious triggers were found.
- Ingestion points: API response bodies in "uniprot_client.py" (functions search_proteins, get_protein, stream_results, map_ids).
- Boundary markers: Absent.
- Capability inventory: Network requests via "requests.get" and "requests.post". No command execution or file writes across all scripts.
- Sanitization: Standard URL encoding of query parameters provided by the "requests" library.
Audit Metadata