alphafold-database
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill demonstrates the use of the gsutil CLI for bulk data access. The provided code examples prioritize security by using subprocess.run with argument lists rather than shell strings and implement input validation (e.g., integer type-checking for taxonomy IDs) to mitigate command injection risks.
- [EXTERNAL_DOWNLOADS]: The skill fetches protein metadata, coordinate files (mmCIF/PDB), and confidence metrics from established and trusted scientific services including the European Bioinformatics Institute (EMBL-EBI) and UniProt.
- [PROMPT_INJECTION]: The skill includes a surface for indirect prompt injection due to its core function of processing external biological data.
  - Ingestion points: Untrusted data enters the context via REST API responses and file downloads from alphafold.ebi.ac.uk and uniprot.org as seen in SKILL.md and api_reference.md.
  - Boundary markers: The skill does not currently implement explicit delimiters or instructions to ignore embedded commands within the retrieved protein metadata.
  - Capability inventory: The skill possesses capabilities to write files to the local system and execute subprocess commands (via gsutil).
  - Sanitization: While the skill includes defensive examples for input validation of local variables, the content of the remote API responses (e.g., protein descriptions or gene names) is parsed and used without further sanitization.
Audit Metadata