ena-database
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill documentation includes Python examples utilizing the
requestslibrary to interact withebi.ac.uk. While this is a reputable scientific domain, it is not listed in the trusted domain whitelist, qualifying as a low-severity networking finding.\n- [INDIRECT_PROMPT_INJECTION] (LOW): The skill provides patterns for ingesting data from external APIs, which presents a surface for indirect prompt injection if the source data were compromised.\n - Ingestion points: ENA Browser and Portal API responses (SKILL.md).\n
- Boundary markers: The documentation does not specify the use of delimiters or 'ignore' instructions for external data.\n
- Capability inventory: The skill examples demonstrate basic HTTP GET capabilities for data retrieval.\n
- Sanitization: The skill correctly identifies the need for structured parsing of XML data via dedicated libraries rather than regular expressions.
Audit Metadata