bio-phylogenomics
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (LOW): The skill ingests untrusted biological sequence data, which could contain malicious instructions targeting the agent logic. Ingestion points: markers.faa, alignments.fasta. Capability inventory: Execution of shell commands (iqtree, VeryFastTree) and Python scripts. Sanitization: Not specified.
- Dynamic Execution (LOW): Documentation provides templates for generating and executing Python scripts using shell HEREDOCs (python << EOF) for tree manipulation.
- External Downloads (LOW): The skill recommends installing software via pip and conda from external repositories. Manual installation instructions for iqtree use an insecure HTTP link.