bio-data-visualization-genome-browser-tracks
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill demonstrates an attack surface where untrusted external content (genomic data files and user-defined coordinates) is processed and passed to execution-capable tools.
- Ingestion points: Processes genomic data files including .bw, .bed, .gtf, and .cool. It also accepts string-based 'region' parameters.
- Boundary markers: Absent. There are no delimiters or instructions to ignore embedded commands in the processed data.
- Capability inventory: Executes `pyGenomeTracks` and `igv` via shell commands and Python's `subprocess.run`. It also writes configuration files (`tracks.ini`, `igv_batch.txt`) to the local filesystem.
- Sanitization: No sanitization or validation of input variables (like `$region`) is shown, which could lead to shell injection if the agent interpolates user-provided text into the bash loops.
- [Unverifiable Dependencies] (MEDIUM): The skill relies on external software packages (`pygenometracks`, `IGV`, and R libraries like `Gviz`) which must be present in the environment. These tools often have complex dependency trees and may execute with the same privileges as the agent.
- [Dynamic Execution] (MEDIUM): The skill generates executable batch scripts for IGV (`igv_batch.txt`) and configuration files at runtime before passing them to interpreters/CLI tools.
Recommendations
- AI detected serious security threats
Audit Metadata