systems-architect
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill explicitly allows the 'Bash' tool and provides examples for using Python's subprocess module to execute external bioinformatics tools like fastqc. This is consistent with the primary purpose of designing pipeline orchestration.
- [EXTERNAL_DOWNLOADS]: The skill mentions using package managers such as pip and micromamba for setting up environments. These are standard tools for the bioinformatics workflow and no untrusted download origins are specified.
- [PROMPT_INJECTION]: The 'Bootstrap Mode' for existing codebases creates an indirect prompt injection surface.
  1. Ingestion points: The skill parses directory structures and file contents (import statements) from potentially untrusted codebases using git grep and static analysis.
  2. Boundary markers: The instructions lack explicit delimiters or warnings to ignore embedded instructions within the analyzed code.
  3. Capability inventory: The skill has access to Bash, Read, and Write operations, which could be leveraged if malicious content in the codebase influences the agent's actions.
  4. Sanitization: No sanitization or verification protocols are defined for the content extracted from external modules.
Audit Metadata