Skills
skills/jackspace/claudeskillz/latchbio-integration/Gen Agent Trust Hub

latchbio-integration

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the installation of the latch package from PyPI (python3 -m pip install latch). This is a third-party dependency not included in the trusted provider list.
  • COMMAND_EXECUTION (LOW): The skill uses several CLI commands including latch login, latch init, and latch register. While these are legitimate platform operations, they involve network communication and remote registration of code.
  • DATA_EXPOSURE & EXFILTRATION (INFO): The skill interacts with the latch:/// cloud storage protocol and uses the Latch Registry for data management. While this is the intended functionality, it involves transferring potentially sensitive biological data to a cloud environment.
  • INDIRECT PROMPT INJECTION (LOW): The skill processes external data via LatchFile and LatchDir. Although it has the capability to register workflows (execute), the risk is low as the agent primarily facilitates code generation rather than autonomously processing untrusted data to make critical local security decisions.
  • Ingestion points: input_file: LatchFile in workflow decorators; Table.get and Record.list for Registry data.
  • Boundary markers: Absent.
  • Capability inventory: latch register (remote deployment), latch init (local file creation).
  • Sanitization: None explicitly mentioned in the skill definition.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 02:27 AM