gnomad-graphql-skill
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFEDATA_EXFILTRATIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Filesystem Read Access: The
query_pathfeature inscripts/gnomad_graphql.pyallows the tool to read content from local files. This is a functional feature for large queries, but it requires oversight to ensure it is not used to read sensitive system information like configuration files or environment secrets. - Filesystem Write Access: The
raw_output_pathparameter enables writing API responses to local storage. While helpful for data persistence, the ability to write to arbitrary paths should be monitored to prevent unintended file modifications or the overwriting of system files. - External API Interaction: The skill connects to
gnomad.broadinstitute.orgto fetch genomic data. Users should be aware that data read from the local environment via the query path is transmitted to this external endpoint as part of the GraphQL request, which is a consideration for data privacy. - Untrusted Data Ingestion: The agent processes summaries of data returned from the external API, creating a potential surface for indirect prompt injection where external content could influence the agent's logic.
- Ingestion points: Data enters the context from the gnomAD API in
scripts/gnomad_graphql.py. - Boundary markers: No explicit markers or instructions are used to separate external content from system instructions.
- Capability inventory: The script has file read/write (
Path) and network (requests) capabilities as seen inscripts/gnomad_graphql.py. - Sanitization: The script performs basic truncation of strings and collections to manage context size, but no security-focused sanitization of the content itself is implemented.
Audit Metadata