gget
Audited by Socket on Feb 15, 2026
1 alert found:
Malware: This document describes a legitimate, feature-rich bioinformatics CLI/package (gget). I found no direct evidence of malicious code or obfuscation in the provided documentation. However, there are notable security concerns: examples show passing sensitive credentials (COSMIC password, OpenAI api_key) on the command line which can leak via process listings or shell history; setup/download steps (AlphaFold model files, other DBs) lack stated provenance/checksums; and the package appears to run external binaries and downloads which increases supply-chain risk depending on implementation and download endpoints. Before use in sensitive environments: inspect the actual implementation for where downloads are sourced, whether HTTPS + checksum/signature verification is used, how subprocesses are spawned and whether inputs are sanitized, and prefer env vars or credential files over CLI flags for secrets.