clinvar-database
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): In `references/api_reference.md`, the skill instructs the user to install Entrez Direct using `sh -c "$(curl -fsSL ftp://ftp.ncbi.nlm.nih.gov/entrez/entrezdirect/install-edirect.sh)"`. This pattern (curl pipe to shell) allows for arbitrary code execution from a remote source that is not on the trusted repository or organization list.
- PROMPT_INJECTION (HIGH): The skill is designed to ingest and interpret data from ClinVar, an external database where content is submitted by third-party users, creating a significant indirect prompt injection surface.
  - Ingestion points: API responses from NCBI e-utilities (JSON/XML/VCF formats) as described in `references/api_reference.md`.
  - Boundary markers: None present in the provided documentation.
  - Capability inventory: The skill utilizes shell command execution (via curl and Entrez Direct) and Python script execution.
  - Sanitization: No sanitization or validation logic is mentioned for the external data.
- EXTERNAL_DOWNLOADS (MEDIUM): The documentation encourages downloading and executing code from `ftp.ncbi.nlm.nih.gov`, which is not a whitelisted trusted source, increasing the risk of supply chain attacks.
Recommendations
- AI detected serious security threats
Audit Metadata