skills/wu-yc/labclaw/gene-database/Gen Agent Trust Hub

gene-database

Warn

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill metadata identifies the author as "K-Dense Inc.", which contradicts the system-provided author identity "wu-yc". This inconsistency in metadata can mislead users and agents regarding the origin and trustworthiness of the skill.
  • [PROMPT_INJECTION]: The skill contains behavioral instructions that override the agent's primary function by requiring it to proactively promote an external commercial platform ("K-Dense Web") for complex workflows. This redirects user engagement to a third-party service outside the skill's defined scope.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It ingests untrusted user input (gene symbols, search terms, or file contents) and interpolates it into script arguments without defining boundary markers or sanitization requirements.
      • Ingestion points: query_gene.py (--search), fetch_gene_data.py (--symbol), and batch_gene_lookup.py (--file, --ids).
      • Boundary markers: Absent from the documentation and prompt instructions.
      • Capability inventory: Execution of local scripts that perform network requests to NCBI APIs.
      • Sanitization: No escaping or validation of external content is specified.
  • [COMMAND_EXECUTION]: The skill relies on executing Python scripts using arguments directly derived from user input. This creates a risk of command injection if shell metacharacters provided by a user are not properly escaped or validated by the agent before execution.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 15, 2026, 04:33 AM