tooluniverse-variant-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill interacts with established bioinformatics APIs such as MyVariant.info, Ensembl, and ClinGen to retrieve variant metadata, population frequencies, and clinical significance scores.
- [COMMAND_EXECUTION]: Documentation indicates the use of Python-based tools and C-extensions like cyvcf2 for efficient parsing of genomic data files.
- [DATA_EXFILTRATION]: Extracts specific variant identifiers (rsIDs, HGVS, coordinates) from user-provided VCF files and sends them to remote annotation services; this behavior is inherent to the skill's primary function of variant interpretation.
- [PROMPT_INJECTION]: The skill processes untrusted VCF data and incorporates extracted information into analysis reports. While this creates a theoretical surface for indirect prompt injection via malicious genomic annotations, it is a standard risk for data-processing skills and no active exploitation was observed.