conda-recipe
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions attempting to bypass safety filters or override agent behavior were found.- [Data Exposure & Exfiltration] (SAFE): No access to sensitive files or unauthorized network communication detected. External URLs mentioned (PyPI, GitHub) are standard for the package management context.- [Obfuscation] (SAFE): No encoded content or hidden characters detected.- [Unverifiable Dependencies & Remote Code Execution] (SAFE): No patterns of downloading and piping remote scripts to shells were found. The skill uses standard package management tools.- [Indirect Prompt Injection] (LOW):
- Ingestion points: The skill is designed to process user-provided Conda recipes (meta.yaml, build.sh).
- Boundary markers: Absent. The skill does not explicitly instruct the agent to ignore instructions embedded within the recipe files.
- Capability inventory: The skill references tools like bioconda-utils and conda mambabuild, which execute code defined within the recipes.
- Sanitization: Absent.
- Context: This category represents the inherent risk surface of build tools. Because this is the primary purpose of the skill, the severity remains LOW.
Audit Metadata