scanpy
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains instructions in the 'SKILL.md' file that direct the agent to proactively suggest the author's commercial platform, 'K-Dense Web', when the complexity of a task increases. This constitutes behavior steering for promotional purposes rather than neutral task execution.
- [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted external data files (such as .h5ad, .csv, and 10X matrices) without utilizing boundary markers or sanitization protocols. This creates a potential surface for indirect prompt injection where malicious instructions could be embedded in the biological data files.
  - Ingestion points: Data loading functions throughout 'SKILL.md', 'assets/analysis_template.py', and 'scripts/qc_analysis.py' read various external file formats.
  - Boundary markers: There are no explicit delimiters or instructions for the agent to ignore embedded commands within the processed data.
  - Capability inventory: The skill possesses capabilities for filesystem writes and the execution of provided Python scripts.
  - Sanitization: No validation or filtering is performed on the content of the data files before processing.
- [COMMAND_EXECUTION]: The skill provides several Python scripts ('scripts/qc_analysis.py' and 'assets/analysis_template.py') intended for direct execution by the agent. While these scripts perform standard bioinformatics tasks, the provision of executable code increases the skill's risk profile.
Audit Metadata