pdb-database
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill performs network operations using `requests.get` and the `rcsb-api` package to fetch data from `rcsb.org` and its subdomains (`files.rcsb.org`, `data.rcsb.org`). While these are reputable scientific sources, they are not on the pre-defined trust whitelist.
- COMMAND_EXECUTION (MEDIUM): The skill demonstrates the ability to write downloaded content directly to the local file system (e.g., `open(f"{pdb_id}.pdb", "w").write(response.text)`). This capability, combined with external data ingestion, presents a risk if the source were compromised.
- INDIRECT_PROMPT_INJECTION (MEDIUM): In line with Category 8 analysis:
  - Ingestion points: Data enters the agent context via `fetch()` (GraphQL/REST) and `requests.get()` from external PDB servers.
  - Boundary markers: None present. The retrieved metadata (titles, descriptions, organism names) is processed and printed without delimiters.
  - Capability inventory: The skill possesses network read capabilities and local file-write capabilities.
  - Sanitization: No sanitization or validation of the retrieved text is observed before it is used in logic or displayed. A malicious entry in the PDB database could theoretically influence the agent's behavior.
- UNVERIFIABLE_DEPENDENCIES (LOW): The skill requires `rcsb-api`, `rcsbsearchapi`, `requests`, and `biopython`. These are standard tools in the bioinformatics community but should be pinned to specific versions to prevent supply chain attacks.
Audit Metadata