database-lookup

Pass

Audited by Gen Agent Trust Hub on May 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use shell commands (curl) for interacting with specific APIs that require POST methods or custom headers, such as SEC EDGAR, gnomAD, and Open Targets.
  • [REMOTE_CODE_EXECUTION]: For the BRENDA enzyme database, the instructions require the agent to generate and execute a Python script using the zeep library to handle SOAP-based communication.
  • [EXTERNAL_DOWNLOADS]: The skill retrieves data from 78 external REST and SOAP APIs. These sources are established scientific and governmental repositories, including NASA, the NIH, the European Bioinformatics Institute, and the World Bank.
  • [CREDENTIALS_UNSAFE]: The skill manages authentication for various services by reading API keys from environment variables or a local .env file, following standard development practices for secret management.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it ingests raw JSON data from 78 external sources.
  • Ingestion points: API responses from 78 external providers (e.g., references/pubchem.md, references/fred.md).
  • Boundary markers: None specified in the instructions.
  • Capability inventory: Use of curl via shell and Python script execution (SKILL.md, references/brenda.md).
  • Sanitization: No explicit sanitization of external JSON content is mentioned before it is returned to the user or processed further.
Audit Metadata
Risk Level
SAFE
Analyzed
May 29, 2026, 12:57 AM
Security Audit — agent-trust-hub — database-lookup