bio-vcf
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
- PROMPT_INJECTION (MEDIUM): The skill presents an attack surface for indirect prompt injection through data processing.
  - Ingestion points: Genomic data is ingested from external VCF/BCF files via the pysam library in all included scripts.
  - Boundary markers: No boundary markers or delimiters are implemented to distinguish data from instructions when the agent reads the tool's output.
  - Capability inventory: The skill possesses file-writing capabilities using pysam's write mode and Path.write_text, and it can output large data structures to stdout.
  - Sanitization: String-based metadata fields within the VCF files are not sanitized, allowing potentially malicious instructions to be passed through to the agent context.