finngen-phewas-skill
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE COMMAND_EXECUTION EXTERNAL_DOWNLOADS
Full Analysis
- External API Requests: The skill fetches genomic association data and variant coordinate information from well-known scientific services, specifically FinnGen and the Ensembl REST API. These requests include appropriate timeouts and use established libraries.
- Path Sanitization and Local Storage: When users request to save raw data, the skill generates a local file path. It includes a sanitization step using a regular expression to prevent path traversal or the use of illegal characters in filenames.
- Input Validation: Genomic variant inputs (rsID, coordinates) are rigorously validated against specific patterns (chromosomes, positions, and alleles) before being processed or used in API queries, which helps prevent malformed requests.
- Subprocess Command Execution: The skill operates by piping JSON input into a local Python script. This follows standard integration patterns for this type of agent tool.
Audit Metadata