scanpy
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): File system operations are restricted to creating directories for results and reading/writing data files using the Scanpy API. No shell commands or risky subprocess calls are present.
- [DATA_EXFILTRATION] (SAFE): The skill operates entirely on local data files (e.g., .h5ad, .csv). There are no network requests, API calls to external services, or hardcoded credentials found in any of the scripts.
- [REMOTE_CODE_EXECUTION] (SAFE): No patterns of downloading and executing remote scripts (like curl | bash) or dynamic code execution (eval/exec) were identified.
- [OBFUSCATION] (SAFE): All scripts and documentation files are written in clear, human-readable text. No hidden characters, Base64 strings, or homoglyphs were detected.
- [INDIRECT_PROMPT_INJECTION] (SAFE): While the skill processes external data files, this data is used for numeric computation and plotting within a sandboxed Python environment. There is no interpolation of untrusted data into LLM prompts or dangerous tool execution paths.
Audit Metadata