labarchive-integration
Warn
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions and scripts recommend installing a Python dependency directly from a personal GitHub repository (https://github.com/mcmero/labarchives-py). This source is not associated with an official organization or a well-known service registry.
- [REMOTE_CODE_EXECUTION]: By instructing users to run pip install git+https://github.com/mcmero/labarchives-py, the skill facilitates the execution of unversioned code from an external third-party source during installation.
- [COMMAND_EXECUTION]: The provided Python scripts (setup_config.py, notebook_operations.py, entry_operations.py) perform sensitive system-level tasks, including creating local configuration files, writing notebook data backups to the filesystem, and performing network operations via API requests.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from external Electronic Lab Notebooks (ELN).
  - Ingestion points: External data enters the agent context through the users/user_access_info and notebook_backup API methods invoked in scripts/notebook_operations.py.
  - Boundary markers: Absent. The skill does not use specific delimiters or instructions to protect the agent from executing commands hidden within scientific data or entry text.
  - Capability inventory: The skill possesses capabilities for filesystem writing (notebook backups), network transmission (API requests via the requests library), and shell command execution.
  - Sanitization: While the scripts use standard libraries for XML and JSON parsing, they do not perform validation or filtering to detect or strip malicious instructions from the retrieved notebook content.
Audit Metadata