clinpgx-database
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to 'api.clinpgx.org' and 'www.clinpgx.org' to retrieve medical data. These operations are essential to the skill's primary purpose and target the official infrastructure of the service described.
- [COMMAND_EXECUTION]: The provided Python script ('scripts/query_clinpgx.py') and code snippets utilize the 'requests' library to interact with the API. The script also implements a local caching mechanism using 'json.dump' to save API responses to the filesystem.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection as it processes data from an external API (such as clinical annotations and literature summaries).
- Ingestion points: Data is ingested from the 'api.clinpgx.org' REST API via the 'safe_api_call' and 'rate_limited_request' functions in 'scripts/query_clinpgx.py'.
- Boundary markers: No explicit boundary markers or instructions for the agent to ignore embedded instructions in the retrieved data were identified.
- Capability inventory: The skill uses network operations ('requests.get') and file-write capabilities for caching ('json.dump').
- Sanitization: The skill relies on standard JSON parsing for API responses without additional sanitization layers for prompt injection mitigation.
Audit Metadata