pride-database

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill makes network requests to the official PRIDE Archive REST API hosted at ebi.ac.uk, which is the domain for the European Bioinformatics Institute, a well-known scientific research organization. All API interactions are unauthenticated and public.
  • [SAFE]: The skill relies on well-known, established Python packages (requests, pandas, and matplotlib) for its functionality. These dependencies are standard for data science and API interaction.
  • [PROMPT_INJECTION]: The skill features a workflow to generate shell scripts for batch downloads by interpolating API-sourced data into command templates, creating an indirect prompt injection surface.
      • Ingestion points: Metadata such as file names and FTP/HTTPS URLs retrieved from the PRIDE REST API in SKILL.md.
      • Boundary markers: None.
      • Capability inventory: Ability to create and write to shell script files (.sh) using standard Python file I/O in SKILL.md.
      • Sanitization: API-sourced strings are placed inside single quotes in shell commands, but no additional validation or sanitization of the remote content is performed before script generation.
  • [SAFE]: A logic flaw exists in the PTM search recipe where an 'or True' statement bypasses filtering logic. This is a benign functional error and does not pose a security risk.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 04:05 AM