skills/jimmc414/kosmos/scvi-tools/Gen Agent Trust Hub

scvi-tools

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (SAFE): The skill provides instructions to install scvi-tools using standard package managers. This is a common and safe practice for providing agent capabilities.
  • PROMPT_INJECTION (LOW): Indirect Prompt Injection surface. The skill ingests untrusted data from external files, which is a necessary part of its functional design.
      1. Ingestion points: Reads local data using sc.read_h5ad() in references/models-atac-seq.md and downloads sample data via scvi.data.heart_cell_atlas_subsampled() in SKILL.md.
      2. Boundary markers: None present to distinguish data from instructions.
      3. Capability inventory: Includes file system operations such as model.save() and model.load() to persist analysis results.
      4. Sanitization: No evidence of input validation or sanitization on the contents of the genomic data files.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:24 PM