skills/ovachiever/droid-tings/gget/Gen Agent Trust Hub

gget

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The scripts use the 'gget' library to programmatically fetch data from various external bioinformatics repositories (e.g., Ensembl, NCBI, UniProt). This is the intended behavior for the tool but involves communication with non-whitelisted domains.
  • DATA_EXFILTRATION (LOW): While the script sends gene names and sequences to external APIs, this is standard functional behavior for bioinformatics analysis. No access to sensitive system files or credentials was detected.
  • PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection (Category 8).
      • Ingestion points: FASTA files in 'batch_sequence_analysis.py' and gene lists in 'enrichment_pipeline.py' are parsed from external files.
      • Boundary markers: Absent. There are no delimiters or 'ignore' instructions wrapping the data when it is read or when results (like gene descriptions) are displayed.
      • Capability inventory: The skill has network access (via 'gget') and file-write capabilities (CSV/FASTA output).
      • Sanitization: Input data is not sanitized or validated beyond basic parsing, meaning metadata returned from external APIs (which could be influenced by malicious entries in public databases) is presented directly to the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 05:57 PM