gget
Audited by Socket on Mar 3, 2026
1 alert found:
Obfuscated File

The skill description for gget is broadly coherent with its stated purpose as a multi-database bioinformatics CLI/Python package. However, several red flags are present: credential prompts and API keys are referenced without explicit secret management; heavyweight, large-data/ML-model downloads are described without clear provenance or verification; install instructions include nonstandard commands (uv uv pip install) and references to external dependencies that may be fetched during runtime; and sensitive data interactions with multiple external services could lead to data exposure if not properly sandboxed.

Given these indicators, the footprint is leaning toward suspicious rather than benign, due to potential misconfigurations, unclear secret handling, and broad data-access patterns across many external services. Without additional security controls (secret management, version-pinned dependencies, explicit data minimization & logging policies, and verified download sources), this SKILL presents notable supply-chain and data-flow risks that warrant cautious treatment and thorough review before deployment in a production or enterprise environment.