bio-reads-qc-mapping

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [Unverifiable Dependencies] (LOW): The skill documentation recommends installation of bioinformatics tools (bbtools, minimap2, filtlong, porechop) from Bioconda and GitHub repositories (lh3, BioInfoTools, rrwick). These are highly reputable sources in the scientific community, but they constitute external code dependencies that are executed locally.
  • [Indirect Prompt Injection] (LOW): The workflow processes external data from 'sample_sheet.tsv' and sequencing files which are used to parameterize shell commands. This creates a surface for indirect prompt injection if the inputs are not strictly sanitized.
      1. Ingestion points: 'sample_sheet.tsv' and 'reads/*.fastq.gz' (referenced in SKILL.md).
      2. Boundary markers: No explicit boundary delimiters are defined for interpolation.
      3. Capability inventory: System execution of 'bbduk.sh', 'bbmap.sh', 'minimap2', 'filtlong', and 'porechop' (documented in docs/ directory).
      4. Sanitization: The instructions include steps to 'validate sample sheet schema' and 'validate FASTQ integrity', providing partial mitigation.
  • [SAFE] (SAFE): No evidence of hardcoded credentials, malicious network communication, or obfuscation was found in any of the skill files.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 05:19 PM