cosmic-database
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- DATA_EXFILTRATION (LOW): The script
scripts/download_cosmic.pyperforms network requests tocancer.sanger.ac.uk. Although this is the official domain for the COSMIC database, it is not included in the provided whitelist of trusted domains. - CREDENTIALS_UNSAFE (LOW): The skill handles user credentials by taking them as plaintext arguments in functions and the CLI. This pattern can lead to credential exposure in shell history, system logs, or process monitors.
- PROMPT_INJECTION (LOW): The skill provides a surface for indirect prompt injection as it ingests large external data files (TSV, CSV, VCF). 1. Ingestion points: Data file downloads in
scripts/download_cosmic.py. 2. Boundary markers: None present. 3. Capability inventory: Network access and file system write access. 4. Sanitization: No sanitization or validation is performed on the downloaded content.
Audit Metadata