cosmic-database

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • Data Exposure & Exfiltration (MEDIUM): The scripts/download_cosmic.py script accepts email and password as plaintext command-line arguments. These credentials can be exposed to other users on the same system via process listings (e.g., ps aux) or shell history files.
  • Unverifiable Dependencies & Remote Code Execution (MEDIUM): The script performs network requests to https://cancer.sanger.ac.uk/ to download large compressed data files. This domain is not included in the Trusted External Sources list, and the downloaded content is written directly to the local file system.
  • Indirect Prompt Injection (MEDIUM): The skill is designed to ingest external data, which could contain malicious instructions or schema-confusing data. Evidence:
      1. Ingestion Point: scripts/download_cosmic.py via requests.get().
      2. Boundary Markers: Absent.
      3. Capability Inventory: File-write operations via open().write().
      4. Sanitization: Absent.
  • Dynamic Execution (MEDIUM): The output_filename parameter in the download_cosmic_file function is not sanitized before being used in a file open() call. This allows for a path traversal attack where a malicious input could overwrite sensitive files outside the intended directory (e.g., ../../.bashrc).
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 12:40 AM