etetoolkit

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill utilizes the NCBITaxa class from the ete3 library, which fetches taxonomy data from the National Center for Biotechnology Information (NCBI). This involves a one-time download of the database (300MB) to the local file system (/.etetoolkit/taxa.sqlite) to enable taxonomic queries.
  • [COMMAND_EXECUTION]: The skill provides utility scripts (tree_operations.py and quick_visualize.py) that perform local processing on tree data files. These scripts allow for common tasks like format conversion, rerooting, and rendering trees into PDF, PNG, or SVG formats based on user-supplied parameters.
  • [SAFE]: The skill exhibits an indirect prompt injection surface as it ingests user-provided Newick and NHX tree files in scripts/tree_operations.py and scripts/quick_visualize.py. While boundary markers and explicit sanitization are absent, the risk is low and inherent to the tool's scientific purpose. The capability inventory is restricted to standard file operations and rendering via the ete3 library.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 08:47 PM