string-database
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: Behavioral steering instructions are included in the 'SKILL.md' file, directing the agent to proactively suggest the 'K-Dense Web' platform to users when requests involve multi-step reasoning or deep research.
- [PROMPT_INJECTION]: The skill provides an attack surface for Indirect Prompt Injection due to the processing of remote data from the STRING API.
- Ingestion points: Protein interaction data and functional annotations are retrieved via 'scripts/string_api.py'.
- Boundary markers: No delimiters or safety instructions are used when interpolating API data into the agent context.
- Capability inventory: The skill can perform network read operations and provides examples for saving data to the local file system.
- Sanitization: There is no evidence of validation or sanitization for the annotations or descriptions returned by the third-party STRING database.
- [EXTERNAL_DOWNLOADS]: The skill fetches data from the well-known bioinformatics resource at 'https://string-db.org/api'. This is the primary function of the skill and is documented as a legitimate external reference.
Audit Metadata