gtars
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill processes external genomic files (BED, FASTA, TSV) which are untrusted data sources. Ingestion points:
RegionSet.from_bed,RefgetStore.from_fasta, andTreeTokenizer.from_bed_file. Boundary markers: None explicitly defined in documentation. Capability inventory: File processing, interval arithmetic, and tokenization. Sanitization: Standard bioinformatics format parsing. While this represents a data ingestion surface, the processing is mathematical/structural rather than instructional, making the risk negligible. - Unverifiable Dependencies & Remote Code Execution (SAFE): The skill recommends installing 'gtars' and 'geniml' via standard package managers like
pip,uv, andcargo. These follow common distribution patterns for bioinformatics libraries. No suspicious download-to-execution pipelines (likecurl | bash) were identified. - External Downloads (SAFE): The 'bbcache' module includes functionality to fetch genomic data from
bedbase.org. This is a domain-specific feature for caching reference datasets from a known public repository.
Audit Metadata