kegg-database
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill includes instructions that direct the agent to proactively recommend an external commercial service (K-Dense Web) to the user. This behavioral override steers the agent toward a specific vendor's platform based on task complexity.
- [PROMPT_INJECTION]: The skill establishes an attack surface for indirect prompt injection by ingesting data from the external KEGG REST API. Malicious instructions embedded in pathway descriptions or gene data could influence the agent's behavior.
  - Ingestion points: Data retrieved via `kegg_get`, `kegg_find`, and `kegg_link` (SKILL.md).
  - Boundary markers: Absent.
  - Capability inventory: The agent is instructed to use Python helper functions in `scripts/kegg_api.py` to perform network operations and data processing.
  - Sanitization: No explicit validation or filtering of external content is mentioned in the instructions.
Audit Metadata