bio-population-genetics-plink-basics
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted genomic data (VCF and PED/MAP files) through PLINK command-line interfaces. Ingestion points: Untrusted files are passed to PLINK via --vcf, --file, and --bfile arguments in SKILL.md and examples/qc_pipeline.sh. Boundary markers: No explicit delimiters are used to separate untrusted data content from agent context. Capability inventory: The skill executes external PLINK binaries and performs local file system writes. Sanitization: Shell script variables are double-quoted to prevent basic command injection, and the skill relies on the underlying PLINK binary for safe format parsing.
- [Unverifiable Dependencies] (INFO): Recommends installation of plink and plink2 via Bioconda, a reputable and standard registry for bioinformatics software.
- [Prompt Injection] (SAFE): No evidence of direct prompt injection or attempts to bypass agent safety protocols was found.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file access, or unauthorized network operations were identified.
Audit Metadata