bio-workflow-management-snakemake-workflows
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill makes extensive use of Snakemake's
shell,run, andscriptdirectives to execute external bioinformatics tools (e.g., bwa, samtools, salmon) and local scripts. This is the primary intended behavior for a workflow management skill. - [EXTERNAL_DOWNLOADS] (LOW): The documentation includes instructions for installing official plugins (
snakemake-executor-plugin-slurm) and utilizing external environments/containers from trusted sources like Bioconda and Biocontainers. These findings are downgraded per [TRUST-SCOPE-RULE] as they target reputable scientific registries. - [INDIRECT_PROMPT_INJECTION] (LOW):
- Ingestion points: Untrusted data enters the workflow via
config.yaml, sample lists, and file wildcards. - Boundary markers: No explicit sanitization of wildcard strings is shown before interpolation into shell commands, creating a potential surface for command injection if filenames are attacker-controlled.
- Capability inventory: The skill allows full shell execution, Python script execution (
run:), and external script execution (script:). - Sanitization: None present; the templates rely on standard Snakemake interpolation without additional input validation.
Audit Metadata