anndata
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [Data Exposure & Exfiltration] (LOW): The documentation includes examples for performing network operations to non-whitelisted domains to download data files. Specifically,
references/io_operations.mddemonstrates usingurllib.request.urlretrieveandfsspec.get_mapperwith external URLs (e.g., example.com). - [Indirect Prompt Injection] (LOW): The skill describes how to ingest data from untrusted external sources such as remote URLs, S3 buckets, and local files (CSV, MTX, etc.), which establishes an attack surface for indirect prompt injection. \n
- Ingestion points:
ad.read_h5ad(url),ad.read_zarr(store), andad.read_csv()inreferences/io_operations.md. \n - Boundary markers: Absent. The documentation does not specify the use of delimiters or instructions to ignore embedded content within the ingested data. \n
- Capability inventory: The skill is intended to facilitate the processing of genomic and experimental data which may be summarized or analyzed by the agent. \n
- Sanitization: Absent. No mention of data validation, filtering, or sanitization before processing.
Audit Metadata