Metabolomics Research
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (LOW): The skill aggregates scientific data from external bioinformatics databases (HMDB, MetaboLights, PubChem) into Markdown reports. An attacker who could influence the content of these public records could potentially embed instructions for the agent.
- Ingestion points: Metabolite names, chemical properties, and study metadata retrieved via API tools.
- Boundary markers: None identified in the provided report generation logic; external data is interpolated directly into templates.
- Capability inventory: The skill writes analysis results to the local file system and performs network requests to trusted bioinformatics APIs.
- Sanitization: No explicit sanitization or filtering of API response content is performed before interpolation.
- Data Exposure (SAFE): The
.env.templatefile provides placeholders for API keys and MCP server host configurations (e.g., BOLTZ_MCP_SERVER_HOST) but does not expose any actual credentials or sensitive environment data.
Audit Metadata