bio-viromics
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The documentation in `docs/gvclass-usage.md` instructs users to install Pixi using `curl -fsSL https://pixi.sh/install.sh | bash`. This is a piped remote execution pattern from an untrusted source, allowing for arbitrary code execution if the remote script is compromised.
- EXTERNAL_DOWNLOADS (HIGH): Multiple files, including `docs/README.md` and `docs/gvclass-usage.md`, instruct users to download the `gvclass-a` script from `https://raw.githubusercontent.com/NeLLi-team/gvclass/main/gvclass-a` and execute it after applying `chmod +x`. This repository is not on the trusted sources list.
- PROMPT_INJECTION (LOW): The skill ingests untrusted genomic sequence data (`contigs.fasta`) and processes it using multiple command-line tools. Mandatory Evidence Chain:
  1. Ingestion: `contigs.fasta` enters the context in `SKILL.md`.
  2. Boundary markers: Absent.
  3. Capability inventory: Subprocess calls to `genomad`, `checkv`, `vcontact3`, and `gvclass` are present across the docs.
  4. Sanitization: Absent.

  This creates a surface for indirect prompt injection via data content.
- COMMAND_EXECUTION (MEDIUM): The skill heavily relies on executing shell commands for its core functionality. While expected for a bioinformatics workflow, the lack of input validation for file names or content increases the potential impact of other vulnerabilities.
Recommendations
- AI detected serious security threats
Audit Metadata