pyopenms

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill installs the 'pyopenms' package without a specific version via 'uv pip'. While it is a recognized scientific library, the OpenMS organization is not within the predefined trusted scope and the lack of version pinning increases supply chain risk. Evidence: 'uv uv pip install pyopenms' in SKILL.md.
  • PROMPT_INJECTION (LOW): The skill ingests external mass spectrometry and sequence data files, creating a surface for indirect prompt injection if malicious instructions are embedded in scientific metadata.
      1. Ingestion points: 'ms.MzMLFile().load()' and 'ms.FASTAFile().load()' in references/file_io.md.
      2. Boundary markers: Absent.
      3. Capability inventory: 'ms.MzMLFile().store()' in references/signal_processing.md (file write).
      4. Sanitization: Absent.
  • COMMAND_EXECUTION (LOW): The skill provides instructions for shell command execution to install and verify the environment.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 06:54 AM