bio-workflow-management-nextflow-pipelines
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill describes pipelines that ingest untrusted external data which is then used to influence command execution.
  - Ingestion points: `params.reads`, `params.samplesheet`, and `splitCsv` logic in `main.nf` and `subworkflows/qc.nf`.
  - Boundary markers: None present. There are no delimiters or instructions to ignore embedded commands in the data.
  - Capability inventory: Extensive use of `script:` blocks to execute shell commands (`fastqc`, `salmon`, `fastp`, `multiqc`) via Nextflow.
  - Sanitization: Absent. The templates use direct Groovy string interpolation (e.g., `${sample_id}`, `${reads}`) into shell scripts. If an attacker provides a samplesheet with a malicious `sample_id` (e.g., `sample; rm -rf /`), it would be executed by the shell.
- [Command Execution] (MEDIUM): The primary purpose of the skill is the execution of arbitrary CLI tools. While functional for bioinformatics, this capability is highly exploitable if the input parameters are not strictly validated.
- [Remote Code Execution] (MEDIUM): The skill includes configurations for AWS Batch and SLURM executors. Any command injection vulnerability is escalated to these high-privilege/high-compute environments, potentially leading to cloud credential theft or unauthorized resource usage.
Recommendations
- AI detected serious security threats
Audit Metadata