pathml

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the pathml library and its dependencies using the uv package manager. These are standard operations for setting up the documented toolkit.
  • [DATA_EXFILTRATION]: The toolkit includes functionality to send image data to the DeepCell API (deepcell.org) for remote cell segmentation. This is a documented feature of the library and targets a well-known scientific research service.
  • [REMOTE_CODE_EXECUTION]: The machine learning examples use torch.load() to load trained models. This function relies on pickle deserialization, which can be risky when loading untrusted files, but the context here is local model management within a scientific research workflow.
  • [COMMAND_EXECUTION]: The documentation contains shell commands for installation, data versioning with DVC, and job submission on HPC clusters using SLURM. These are standard developer operations for computational pathology workflows.
  • [SAFE]: The skill processes untrusted data from pathology slide files and clinical metadata. While this constitutes a surface for indirect prompt injection, the data is processed for numerical and spatial analysis using established scientific libraries, and no specific injection vulnerabilities or unsafe prompt interpolation patterns were identified.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 10:12 PM