biopython-sequence-analysis
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill provides legitimate bioinformatics documentation and code samples for the Biopython library.
- [COMMAND_EXECUTION]: The skill demonstrates the use of subprocess.run to call external bioinformatics utilities such as makeblastdb, blastp, and muscle. These examples follow secure coding practices by passing arguments as a list and avoiding shell=True, which prevents command injection vulnerabilities.
- [EXTERNAL_DOWNLOADS]: The code examples utilize the NCBI Entrez API to fetch biological sequence data. These operations are standard for bioinformatics workflows and target a well-known and trusted scientific service.
- [REMOTE_CODE_EXECUTION]: Analysis of the automated scan alert regarding remote code execution confirms it is a false positive. The pattern of downloading sequence data from NCBI and then processing it with local alignment tools like MUSCLE is a routine data processing task, not execution of untrusted code.
Audit Metadata