nextflow-development
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- Remote Code Execution (HIGH): The skill instructs users to install Nextflow by piping a script from 'https://get.nextflow.io' directly into 'bash' in SKILL.md and references/installation.md. This executes remote code without verification from a non-trusted source as defined in the [TRUST-SCOPE-RULE].
- Persistence Mechanisms (HIGH): Documentation in references/installation.md suggests appending export commands and cache directory configurations to the user's ~/.bashrc file, which allows for persistent command execution across sessions.
- Privilege Escalation (HIGH): Multiple instructions in SKILL.md and references/installation.md require the use of 'sudo' for managing Docker permissions and installing system-level packages (openjdk, docker.io).
- Indirect Prompt Injection (LOW):
  - Ingestion points: The skill fetches external study information and metadata from NCBI GEO/SRA via scripts/sra_geo_fetch.py.
  - Boundary markers: No specific delimiters or safety warnings are implemented to handle potentially malicious metadata.
  - Capability inventory: The agent can execute complex pipeline code via Nextflow, perform network requests, and modify the local filesystem.
  - Sanitization: The provided utility scripts do not demonstrate explicit sanitization of external metadata before it is processed or displayed.
Audit Metadata