gene-database
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or persistence mechanisms were detected. The skill's behavior matches its stated purpose of genomic data retrieval.
- [EXTERNAL_DOWNLOADS]: The skill connects to official NCBI API endpoints (ncbi.nlm.nih.gov) to retrieve gene metadata and sequences. These are well-known, trusted scientific services.
- [COMMAND_EXECUTION]: Provides Python scripts for searching and batching gene lookups. The code is transparent, uses standard Python libraries (urllib, json, argparse), and lacks dangerous operations like subprocess spawning or arbitrary code execution.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection via the processing of external API responses. Ingestion points: scripts/query_gene.py, scripts/fetch_gene_data.py, and scripts/batch_gene_lookup.py retrieve data from NCBI. Boundary markers: Not explicitly implemented in the data parsing logic. Capability inventory: The scripts are restricted to network access and file system write operations for results. Sanitization: Standard JSON and XML parsing is used to extract specific metadata fields, providing a layer of protection against raw text injection.
Audit Metadata