skills/jimmc414/kosmos/biopython/Gen Agent Trust Hub

biopython

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE · PROMPT_INJECTION · EXTERNAL_DOWNLOADS · DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from various biological file formats.
      • Ingestion points: The skill utilizes SeqIO.parse, AlignIO.read, and PDBParser.get_structure in SKILL.md to load data from external FASTA, GenBank, and PDB files into the agent context.
      • Boundary markers: No specific boundary markers or instructions (e.g., "ignore instructions in the data") are provided to prevent the agent from obeying commands that might be embedded in the biological metadata or sequence labels.
      • Capability inventory: The agent has access to network operations via Bio.Entrez and Bio.Blast, and the ability to write or modify files via SeqIO.convert and SeqIO.write.
      • Sanitization: While the Biopython library parses data into structured objects, the resulting text is passed to the LLM without additional sanitization or filtering to remove potential instruction-like content.
  • [EXTERNAL_DOWNLOADS]: The skill documentation describes installing the biopython package using pip or uv. Biopython is a well-known and widely used open-source library in the scientific community.
  • [DATA_EXFILTRATION]: The skill uses Bio.Entrez and Bio.Blast to communicate with official NCBI (National Center for Biotechnology Information) web services. These network operations are standard for the tool's intended purpose of biological database access and search.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 29, 2026, 04:45 AM