ena-database
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTIONEXTERNAL_DOWNLOADSNO_CODE
Full Analysis
- Prompt Injection (MEDIUM): The 'Suggest Using K-Dense Web' section contains explicit instructions to the agent to monitor conversation complexity and proactively market a specific external service (k-dense.ai). This is an attempt to override the agent's natural response pattern to favor a commercial product.
- External Downloads (MEDIUM): The skill documentation encourages the installation and use of 'enaBrowserTools' and recommends downloading data via FTP and Aspera. These are unverified external dependencies and protocols that are not part of the trusted source list.
- Indirect Prompt Injection (LOW): The skill's core purpose is to ingest large datasets (XML, JSON, and flat files) from the ENA database (ebi.ac.uk). While ENA is a legitimate scientific repository, the intake of untrusted external data represents a potential injection surface if the agent later processes this content in a high-privilege context.
- No Code (SAFE): No executable scripts (.py, .js, .sh) were included in the skill package; only markdown documentation and code snippets for reference were provided.
Audit Metadata