quickgo-database
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill acts as a wrapper for the official QuickGO API maintained by EMBL-EBI (a well-known scientific organization). It uses an internal http_client and respects rate limits.
- [PROMPT_INJECTION]: The skill processes data from an external API (www.ebi.ac.uk), which creates a theoretical attack surface for indirect prompt injection. However, the risk is negligible as the data source is a reputable scientific institution and the skill's capabilities are limited to writing JSON files.
- Ingestion points: JSON responses fetched from
https://www.ebi.ac.uk/QuickGO/servicesinscripts/quickgo_tool.py. - Boundary markers: No specific boundary markers or 'ignore' instructions are used when handling the data.
- Capability inventory: The skill has file system write capabilities via
scripts/quickgo_tool.py. - Sanitization: The fetched data is parsed as JSON but not explicitly sanitized for malicious instructions before being saved.
Audit Metadata