bio-gene-calling
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- Privilege Escalation (HIGH): The file docs/augustus.md explicitly includes the command 'sudo apt install augustus', which requires administrative privileges and poses a risk of unauthorized system modification.
- Remote Code Execution (HIGH): Multiple documentation files (docs/trnascan-se.md, docs/augustus.md, docs/prodigal-gv.md) provide instructions to download software from untrusted domains (e.g., eddylab.org) and unverified GitHub repositories, followed by immediate execution through compilation and installation (make, make install).
- Indirect Prompt Injection (LOW): The skill processes genomic data files (contigs.fasta) which are untrusted external inputs. These are used as arguments for command-line tools without boundary markers or sanitization. Evidence Chain: 1. Ingestion points: contigs.fasta (SKILL.md); 2. Boundary markers: Absent; 3. Capability inventory: Execution of subprocesses (augustus, braker, etc.); 4. Sanitization: Absent.
- Command Execution (MEDIUM): The skill documentation encourages constructing and executing complex shell commands based on user-provided parameters and file paths, which increases the risk of command injection if parameters are not properly escaped.
Recommendations
- AI detected serious security threats
Audit Metadata