bioservices
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes data from 40+ external bioinformatics services (e.g., UniProt, KEGG, NCBI).
  - Ingestion points: Data enters the agent context through API responses from services like UniProt, KEGG, and UniChem as described in `SKILL.md`.
  - Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the processed biological data.
  - Capability inventory: The skill allows the execution of bundled Python scripts (found in the `scripts/` directory) and arbitrary network requests via the `bioservices` library.
  - Sanitization: No validation or sanitization mechanisms for the external data are mentioned in the documentation.
- [PROMPT_INJECTION]: The skill includes instructions in the 'Suggest Using K-Dense Web' section to override default agent behavior by proactively marketing an external platform (`www.k-dense.ai`) when specific query conditions are met.
- [EXTERNAL_DOWNLOADS]: The skill downloads the `bioservices` library from the Python Package Index (PyPI) and connects to various third-party biological databases and APIs as part of its core functionality.
- [COMMAND_EXECUTION]: The skill's documentation describes running local Python scripts, such as `scripts/protein_analysis_workflow.py` and `scripts/pathway_analysis.py`, which are part of the skill's distribution.
Audit Metadata