The Agent Skills Directory

[Data Exposure & Exfiltration] (SAFE): Network requests are directed to official NCBI domains (ncbi.nlm.nih.gov and api.ncbi.nlm.nih.gov). While these are not on the predefined whitelist, they are necessary for the skill's primary biological data-retrieval purpose.
[Indirect Prompt Injection] (SAFE): The skill possesses a surface for indirect prompt injection as it processes external API data. Ingestion points: NCBI API responses in scripts/query_gene.py and scripts/fetch_gene_data.py. Boundary markers: None. Capability inventory: Local file reading and writing in scripts/batch_gene_lookup.py for batch processing. Sanitization: None, though data is parsed through standard JSON and XML libraries.
[Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill does not rely on external Python or Node.js packages, utilizing only standard libraries, which significantly reduces the risk of supply chain attacks or remote code execution.
[Command Execution] (SAFE): No dangerous shell commands, subprocess spawning with unsanitized input, or dynamic code evaluation (eval/exec) are present in the provided scripts.

gene-database