arboreto
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the 'arboreto' package and its dependencies (pandas, numpy, scipy, scikit-learn, dask, distributed) from the Python Package Index (PyPI), a standard registry for Python software.\n- [COMMAND_EXECUTION]: The skill provides instructions for setting up the computational environment and executing scripts for genomic data analysis through shell commands.\n- [DATA_EXFILTRATION]: The skill facilitates connecting to remote Dask schedulers using TCP addresses (e.g., in 'references/distributed_computing.md'). This functionality involves transmitting gene expression matrices to specified network endpoints for distributed processing.\n- [PROMPT_INJECTION]: The skill processes genomic data from external TSV and CSV files, creating an indirect prompt injection surface where data content could potentially include instructions aimed at influencing agent behavior.\n
- Ingestion points: Data ingestion occurs through 'pd.read_csv' in 'SKILL.md', 'references/basic_inference.md', and 'scripts/basic_grn_inference.py'.\n
- Boundary markers: The instructions do not employ explicit delimiters or instructions to ignore potential commands embedded within the data files.\n
- Capability inventory: Across its scripts and documentation, the skill possesses capabilities for filesystem writes ('to_csv') and network communication (Dask Client).\n
- Sanitization: Input files are read directly without string-level validation or sanitization of the content.
Audit Metadata