genome-analyzer

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Prompt Injection] (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8) because it uses untrusted data to drive the analysis of sensitive information.
      • Ingestion points: In Step 1, the skill uses a sub-agent to perform web searches (GWAS Catalog, SNPedia) and retrieve SNP (rsID) information. This external content is untrusted.
      • Boundary markers: No boundary markers or sanitization logic are present to separate the retrieved web content from the instructions passed to the Grep tool or the interpretation step.
      • Capability inventory: The skill has the capability to read local files via Grep and Glob, and to perform complex reasoning using the Task tool.
      • Sanitization: The skill lacks any mechanism to validate that the rsIDs or descriptions returned from the web do not contain malicious instructions or shell metacharacters.
  • [Data Exposure & Exfiltration] (HIGH): The skill specifically targets .vcf files (Category 2). These files contain extremely sensitive Personal Health Information (PHI) and genomic data. The skill's workflow involves reading this data and presenting a summarized version as output, which creates a high-risk exposure surface if the interpretation logic is manipulated by external input.
  • [Command Execution] (MEDIUM): The skill uses dynamic command assembly (Category 10) in Step 2. It constructs a Grep pattern (rs123|rs456|...) from the output of a web-searching sub-agent. If an attacker-controlled website returns a malicious string instead of a valid rsID, that string could exploit the shell or the Grep tool's pattern matching to access unintended data or cause unexpected behavior.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 05:50 AM