NYC

geniml

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM | EXTERNAL_DOWNLOADS | REMOTE_CODE_EXECUTION | COMMAND_EXECUTION
Full Analysis
  • [External Downloads] (MEDIUM): The documentation describes loading pre-trained models from the Hugging Face Hub using ScEmbed.from_pretrained('databio/scembed-pbmc-10k'). Since the databio organization is not on the trusted list, this poses a risk of downloading untrusted content.
  • [Remote Code Execution] (MEDIUM): Several components such as BEDSpaceModel.load and ScEmbed.from_pretrained involve loading serialized model states. In Python environments, this often uses pickle or similar mechanisms that can execute arbitrary code when processing a malicious file.
  • [Command Execution] (LOW): The skill requires and executes external binaries like StarSpace. While the source facebookresearch is a trusted organization, the execution of external binaries remains a significant capability. Severity is downgraded to LOW per the [TRUST-SCOPE-RULE].
  • [Indirect Prompt Injection] (LOW): The skill ingests untrusted genomic data and metadata CSV files which could potentially contain adversarial instructions.
      1. Ingestion points: metadata.csv in bedspace.md and BBClient downloads in utilities.md.
      2. Boundary markers: Absent.
      3. Capability inventory: CLI execution (uniwig, geniml) and Python execution.
      4. Sanitization: No input validation of genomic coordinates or metadata strings is mentioned.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:19 PM