clinvar-database
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): In `references/api_reference.md`, the skill recommends installing Entrez Direct using `sh -c "$(curl -fsSL ftp://ftp.ncbi.nlm.nih.gov/entrez/entrezdirect/install-edirect.sh)"`. Piping a remote script directly to a shell is a critical risk pattern that bypasses security reviews of the executed code.
- EXTERNAL_DOWNLOADS (LOW): The skill references and downloads tools from `ftp.ncbi.nlm.nih.gov`. Although this is a reputable government source, it is not on the specific list of trusted providers, making it an unverified external dependency.
- PROMPT_INJECTION (LOW): The skill implements an interface for ingesting data from the ClinVar API as seen in `references/api_reference.md`. It lacks documented boundary markers or sanitization processes, which is a requirement for preventing indirect prompt injection from external data sources.
- CREDENTIALS_UNSAFE (SAFE): The documentation correctly uses placeholders like `<YOUR_KEY>` and `<YOUR_EMAIL>` for sensitive configuration, with no hardcoded secrets detected.
Recommendations
- AI detected serious security threats
Audit Metadata