bio-expression-matrix-counts-ingest
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill possesses a significant attack surface by ingesting external untrusted data through multiple file formats (CSV, TSV, H5, H5AD, RDS). Maliciously crafted data files could contain instructions in metadata or headers that might influence the agent's behavior during analysis.
- Ingestion points:
pd.read_csv(pandas),sc.read_10x_mtx(scanpy),sc.read_h5ad(scanpy), andpyreadr.read_r(pyreadr) inSKILL.md. - Boundary markers: Absent. The skill processes files directly without delimiters or instructions to ignore embedded content.
- Capability inventory: The skill has local file read/write capabilities (
to_csv,write_h5ad). While it does not have direct network or arbitrary code execution capabilities, the ability to write manipulated data back to disk constitutes a medium-risk output vector. - Sanitization: None. The parsed data is loaded directly into pandas DataFrames or AnnData objects without validation of content against a schema that excludes natural language instructions.
Audit Metadata