ena-database
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [External Downloads] (LOW): The skill documentation provides Python snippets utilizing the 'requests' library to interact with the 'ebi.ac.uk' domain. Since this domain is not included in the trusted source whitelist, it is classified as a low-severity finding for external network communication.
- [Indirect Prompt Injection] (LOW): The skill facilitates the ingestion of external metadata and sequence data from the ENA database, creating a vulnerability surface for indirect prompt injection where malicious instructions could be embedded in data records. Evidence: 1. Ingestion points: ENA Portal API and Browser API (ebi.ac.uk); 2. Boundary markers: None specified in documentation or snippets; 3. Capability inventory: The skill is informational and documentation-based, with no internal script files provided; 4. Sanitization: No sanitization or validation of the retrieved API data is described.
Audit Metadata