NYC

life-sciences-connector

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [Prompt Injection] (HIGH): The skill ingests untrusted data from PubMed and local files (e.g., sequences.fasta) without boundary markers or sanitization. Evidence: SKILL.md. Ingestion points: Entrez.efetch and SeqIO.parse. Capability: Data processing and sequence analysis. Sanitization: Absent.
  • [Data Exfiltration] (HIGH): The skill claims HIPAA compliance but implements only a skeletal anonymization function that relies on an undefined 'hash_or_remove' utility, creating a significant risk of Protected Health Information (PHI) leakage.
  • [External Downloads] (LOW): Standard use of the NCBI/PubMed API is categorized as low risk because it is the skill's stated purpose, though it is also the source of external untrusted content.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 08:46 AM