imaging-data-commons
Warn
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides Python code that uses `subprocess.run` to execute shell commands for upgrading the `idc-index` package (`pip3 install --upgrade --break-system-packages idc-index`). This allows the skill to modify the agent's underlying execution environment at runtime.
- [REMOTE_CODE_EXECUTION]: The instruction to install a package from a public registry and then immediately import it into the agent's process constitutes a remote code execution pattern.
- [EXTERNAL_DOWNLOADS]: The skill manages the retrieval of medical imaging datasets from public AWS S3 and Google Cloud Storage buckets. These operations target well-known cloud services for legitimate scientific purposes but involve downloading large volumes of external data.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection due to the ingestion of metadata from external imaging and clinical databases.
  - Ingestion points: Data enters the agent's context through SQL queries via `client.sql_query()` and clinical data retrieval via `client.get_clinical_table()`.
  - Boundary markers: The skill does not implement delimiters or explicit 'ignore instructions' warnings when processing database metadata.
  - Capability inventory: The environment includes high-privilege capabilities such as shell command execution (`subprocess.run`), opening web browsers (`webbrowser.open`), and file system writes.
  - Sanitization: There is no evidence of metadata sanitization or validation before the content is processed by the AI agent.
Audit Metadata