kegg-database
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION] (LOW): The skill performs outbound network requests to rest.kegg.jp. Evidence: Use of urllib.request.urlopen in all functions in scripts/kegg_api.py. Context: While this domain is not on the trusted whitelist, it is the legitimate endpoint for the KEGG service, and the skill does not attempt to access or transmit sensitive local credentials.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it ingests untrusted data from an external API. 1. Ingestion points: urllib.request.urlopen calls in scripts/kegg_api.py. 2. Boundary markers: None are present in the code to delimit API responses. 3. Capability inventory: The skill has no capabilities for subprocess execution, file-writing, or network exfiltration of local data; it only returns raw strings. 4. Sanitization: The skill uses urllib.parse.quote for outgoing search queries but performs no sanitization or validation on the content returned by the API before it is processed by the agent.
Audit Metadata