arboreto
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill recommends installing the 'arboreto' package via PyPI and Bioconda, which are standard and reputable sources for bioinformatics software. It executes a local script (
scripts/basic_grn_inference.py) mentioned in the documentation for standard processing tasks. - [Data Exposure & Exfiltration] (SAFE): File operations are limited to reading local genomic datasets and writing inference results to the local filesystem. The documented use of a Dask distributed client to connect to a TCP scheduler (
tcp://scheduler:8786) is a standard requirement for the skill's primary purpose of parallel computation and does not constitute exfiltration. - [Indirect Prompt Injection] (SAFE): Although the skill ingests external data (TSV files), this data is processed as structured numerical matrices for regulatory network inference. The LLM is not instructed to interpret the file content as natural language commands, mitigating the risk of injection via data ingestion.
Audit Metadata