bioservices

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW (EXTERNAL_DOWNLOADS)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill installs the third-party bioservices package and makes numerous network requests to bioinformatics web services (UniProt, KEGG, NCBI, etc.). These are legitimate and required for the stated functionality.
  • Evidence: uv pip install bioservices and usage of various service classes like UniProt, KEGG, and NCBIblast.
  • [COMMAND_EXECUTION] (LOW): The documentation suggests running local Python scripts provided within the skill's directory for specific workflows.
  • Evidence: Examples such as python scripts/protein_analysis_workflow.py.
  • [DATA_EXFILTRATION] (INFO): Uses an email address for NCBI BLAST searches as required by the NCBI API policy, which is a standard procedure for this scientific tool.
  • Evidence: email="your.email@example.com" # Required by NCBI in the NCBIblast usage section.
  • [PROMPT_INJECTION] (LOW): The skill possesses a surface for indirect prompt injection by ingesting large volumes of external data from scientific databases. However, this is inherent to its purpose as a data retrieval tool and is not exploited by the skill's own instructions.
  • Evidence: Integration with 40+ external bioinformatics services that return XML, JSON, and TSV data.
Audit Metadata
Risk Level: LOW
Analyzed: Feb 16, 2026, 10:54 AM