Skills
NYC
skills/ovachiever/droid-tings/etetoolkit/Gen Agent Trust Hub

etetoolkit

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill processes external Newick tree files and taxa lists, which could host malicious instructions designed to influence an agent's logic during processing.\n
  • Ingestion points: Input arguments for tree files in scripts/quick_visualize.py and scripts/tree_operations.py, and the keep-taxa argument in scripts/tree_operations.py.\n
  • Boundary markers: Absent. No delimiters or instructions are provided to the agent to disregard content within data files.\n
  • Capability inventory: The skill can write files to the system using the ete3 library's render and write methods.\n
  • Sanitization: Absent. The scripts pass raw user input directly to the ete3 parser without validation or escaping.\n- [Unverifiable Dependencies] (LOW): The scripts depend on the ete3 library. While this is a standard bioinformatics package, it is not from a pre-approved trusted organization as defined in the security analysis skill.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 05:59 PM