bio-workflow-management-cwl-workflows

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Command Execution (HIGH): The skill utilizes cwltool and toil-cwl-runner, which are designed to execute arbitrary shell commands defined in the baseCommand field of CWL workflow files.
  • External Downloads (HIGH): Workflow examples include DockerRequirement with dockerPull targeting non-whitelisted registries such as quay.io (e.g., quay.io/biocontainers/salmon). This allows for the download and execution of arbitrary containerized code.
  • Dynamic Execution (MEDIUM): The use of InlineJavascriptRequirement allows workflows to evaluate JavaScript expressions at runtime, increasing the execution complexity and potential for exploitation.
  • Indirect Prompt Injection (HIGH): The skill is highly susceptible to indirect injection as it is designed to ingest and process external workflow specifications. Ingestion points: workflow.cwl and job.yaml files. Boundary markers: None present in the provided documentation or examples. Capability inventory: Full subprocess execution via baseCommand and remote container pulling/execution via dockerPull. Sanitization: No sanitization or validation of the workflow-provided commands or inputs is demonstrated.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 05:05 AM