bio-pathway-gsea

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • Prompt Injection (HIGH): The skill is highly susceptible to indirect prompt injection via the processing of untrusted biological data files.
      • Ingestion points: The script reads 'de_results.csv' and 'msigdb_hallmarks.gmt' from the local execution environment.
      • Boundary markers: Absent. There are no delimiters or explicit instructions provided to the agent to treat the content of these data files as non-executable text or to ignore embedded instructions.
      • Capability inventory: The skill utilizes an R execution environment (clusterProfiler) and includes file-writing capabilities (write.csv). This allows the agent to perform side-effect-heavy operations based on the processed data.
      • Sanitization: Absent. Data from the CSV and GMT files is directly converted into R vectors and used in complex bioinformatics functions without any validation or filtering.
  • Command Execution (LOW): The skill defines a tool that executes R code. While no explicit shell-level command execution (like system() or exec()) is present, the R runtime itself provides an execution surface that is combined with untrusted data ingestion.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 05:40 AM