jaspar-database

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill makes HTTP requests to https://jaspar.elixir.no/api/v1/. This is the official public API for the JASPAR database, used for retrieving transcription factor binding profiles.
  • [COMMAND_EXECUTION]: The skill uses uv run to execute the local wrapper script scripts/jaspar_api.py. The script uses argparse for safe command-line argument parsing and urllib.parse.quote to sanitize user inputs used in URL construction.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests data from an external API which is then processed by the agent. This represents an indirect prompt injection surface.
      • Ingestion points: Data is fetched in scripts/jaspar_api.py via _CLIENT.fetch_json and _CLIENT.fetch_text from the JASPAR API endpoints.
      • Boundary markers: No explicit boundary markers or instructions to ignore embedded content are used when presenting API results to the agent.
      • Capability inventory: The skill has network read capabilities via its Python script. It does not perform file writes or arbitrary shell execution beyond its own entry point.
      • Sanitization: Outgoing parameters are sanitized using urllib.parse.quote. Incoming data is not sanitized but is printed as formatted text or YAML, which is standard for bioinformatics data processing.
Audit Metadata
Risk Level: SAFE
Analyzed: May 19, 2026, 06:50 PM