bio-read-qc-umi-processing
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH):
  - Ingestion points: FASTQ and BAM genomic sequence files (processed by umi_tools, samtools, etc.).
  - Boundary markers: None. Data is processed directly from external sources without delimiters or instructions to ignore embedded content.
  - Capability inventory: Command-line execution with filesystem write permissions and subprocess management via umi_tools, STAR, and samtools.
  - Sanitization: None. The skill assumes the structural integrity of the biological data files.
  - Analysis: Per the capability-based risk model, any skill that ingests untrusted data and possesses write/execute capabilities is classified as Tier: HIGH. While genomic data is specialized, the potential for malicious inputs to exploit the toolchain or influence agent behavior via tool outputs cannot be discounted.
- Unverifiable Dependencies (MEDIUM): The skill relies on external software including umi-tools, samtools, STAR, fastp, and pandas. None of these dependencies are associated with the defined trusted repositories or organizations, and no version constraints are provided to ensure supply chain integrity.
Recommendations
- AI detected serious security threats