variant-annotation

Query and annotate gene variants from ClinVar and dbSNP databases. Trigger when: - User provides a variant identifier (rsID, HGVS notation, genomic coordinates) and asks about clinical significance - User mentions "ClinVar", "dbSNP", "variant annotation", "pathogenicity", "clinical significance" - User wants to know if a mutation is pathogenic, benign, or of uncertain significance - User provides VCF content or variant data requiring interpretation - Input: variant ID (rs12345), HGVS notation (NM_007294.3:c.5096G>A), or genomic coordinates (chr17:43094692:G>A) - Output: clinical significance, ACMG classification, allele frequency, disease associations

1.26x

Quality

82%

Does it follow best practices?

Impact

99%

1.26x

Average score across 3 eval scenarios

Securityby

Advisory

Suggest reviewing before use

1 medium severity finding. This skill can be installed but you should review these findings before use.

Medium

W011: Third-party content exposure detected (indirect prompt injection risk)

What this means

The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.

Why it was flagged

Third-party content exposure detected (high risk: 1.00). This skill directly queries public databases (e.g., ClinVar and dbSNP via NCBI E-utilities shown in scripts/main.py's _query_clinvar and _query_dbsnp and the SKILL.md "Data Sources" table listing ClinVar, dbSNP, gnomAD, Ensembl VEP, CADD), ingests their user-submitted/untrusted records, and uses that content to compute ACMG scores and drive classification decisions—meeting the criteria for potential indirect prompt injection.

Report incorrect finding

Repository: aipoch/medical-research-skills
Commit: ca9aaa4

Audited: about 1 month ago
Security analysis

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.