phylogenetics
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes local bioinformatics CLI tools including MAFFT, IQ-TREE 2, FastTree, and TrimAl using the Python subprocess module. It correctly uses list-based arguments, which prevents shell injection by ensuring user-provided file paths and parameters are not interpreted as shell commands.
- [EXTERNAL_DOWNLOADS]: The documentation provides instructions for installing dependencies from well-known and trusted repositories such as Conda (bioconda channel) and Pip. It also references official scientific project websites for technical documentation. No remote code is dynamically fetched or executed at runtime.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection.
  1. Ingestion points: User-supplied FASTA files processed by the phylogenetic_analysis.py script.
  2. Boundary markers: None present.
  3. Capability inventory: Execution of local binaries via subprocess and file system write access for results.
  4. Sanitization: No explicit filtering of sequence headers or content is performed.

  However, the risk is assessed as safe because the tools are invoked securely using established patterns and the operations are confined to the local environment.
Audit Metadata