gene-database
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [Data Exposure & Exfiltration] (LOW): The scripts scripts/batch_gene_lookup.py, scripts/fetch_gene_data.py, and scripts/query_gene.py make network requests to ncbi.nlm.nih.gov. Although these are required for fetching gene data, the domain is not on the trusted whitelist.
- [Prompt Injection] (LOW): The SKILL.md file contains instructions requiring the agent to proactively suggest the author's platform, K-Dense Web, for complex tasks. This constitutes a promotional behavioral override.
- [Indirect Prompt Injection] (SAFE): The skill ingests untrusted data from the NCBI API. Evidence Chain:
  1. Ingestion points: urllib.request calls in all scripts.
  2. Boundary markers: Absent.
  3. Capability inventory: Network requests to NCBI.
  4. Sanitization: Absent.

  The risk is minimal as the fetched data is not used in executable contexts or passed to downstream tools that could be compromised.