database-lookup
Pass
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use shell commands (
curl) for interacting with specific APIs that require POST methods or custom headers, such as SEC EDGAR, gnomAD, and Open Targets. - [REMOTE_CODE_EXECUTION]: For the BRENDA enzyme database, the instructions require the agent to generate and execute a Python script using the
zeeplibrary to handle SOAP-based communication. - [EXTERNAL_DOWNLOADS]: The skill retrieves data from 78 external REST and SOAP APIs. These sources are established scientific and governmental repositories, including NASA, the NIH, the European Bioinformatics Institute, and the World Bank.
- [CREDENTIALS_UNSAFE]: The skill manages authentication for various services by reading API keys from environment variables or a local
.envfile, following standard development practices for secret management. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it ingests raw JSON data from 78 external sources.
- Ingestion points: API responses from 78 external providers (e.g.,
references/pubchem.md,references/fred.md). - Boundary markers: None specified in the instructions.
- Capability inventory: Use of
curlvia shell and Python script execution (SKILL.md,references/brenda.md). - Sanitization: No explicit sanitization of external JSON content is mentioned before it is returned to the user or processed further.
Audit Metadata