gget
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION] (MEDIUM): Potential Path Traversal in file writing.
- Evidence: In `scripts/gene_analysis.py`, `output_prefix` is derived directly from `gene_name` (line 19: `output_prefix = gene_name.lower()`) and used to construct file paths (line 42: `f"{output_prefix}_info.csv"`). An attacker providing a gene name like `../../tmp/malicious` could write files to arbitrary locations.
- Evidence: In `scripts/enrichment_pipeline.py`, the `output_prefix` argument (line 46) is used directly in file paths (line 72: `f"{output_prefix}_{db_key}.csv"`) without validation or sanitization.
- [PROMPT_INJECTION] (MEDIUM): Indirect Prompt Injection surface (Category 8).
- Ingestion points: The scripts fetch data from several external, third-party controlled sources including Enrichr, NCBI (BLAST), ARCHS4, and OpenTargets (found in `scripts/gene_analysis.py` and `scripts/enrichment_pipeline.py`).
- Boundary markers: None identified. Data from these APIs is written directly to CSV/FASTA files and printed to the console.
- Capability inventory: The scripts have file system write access (`Path.mkdir`, `open(..., 'w')`, `to_csv`) and perform network operations via the `gget` library.
- Sanitization: Absent. External content is interpolated into output files and logs without escaping or filtering.
- Risk: If an AI agent reads the output of these scripts to provide summaries or make decisions, a malicious record in a public database (e.g., a poisoned gene description in Ensembl or a BLAST hit) could influence the agent's behavior.
Audit Metadata