latchbio-integration

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH

Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill utilizes high-privilege CLI commands such as 'latch register' and 'latch execute' (SKILL.md, references/workflow-creation.md). These commands build local Docker containers and deploy them to a remote cloud environment, providing a significant attack surface if the agent is manipulated into deploying malicious code.
  • [REMOTE_CODE_EXECUTION] (HIGH): The core purpose of the skill is to define and run serverless workflows. The agent is encouraged to handle complex pipeline logic (Nextflow/Snakemake) and Python decorators (@workflow, @task). This creates a high-risk environment for indirect prompt injection where untrusted external code is promoted to execution on cloud resources.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill documentation (SKILL.md, references/workflow-creation.md) recommends installing the 'latch' Python package (python3 -m pip install latch). This is a standard dependency installation from a known source, but it enables the higher-risk operations described above.
  • [CREDENTIALS_UNSAFE] (MEDIUM): The documentation (SKILL.md, references/data-management.md) includes instructions for 'latch login' and the use of 'get_secret("api_key")'. These mechanisms handle sensitive authentication tokens and secrets which could be targeted for exfiltration through carefully crafted malicious inputs to the agent.
  • [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection due to its extensive execution capabilities.
      • Ingestion points: Untrusted pipeline definitions and workflow descriptions provided via 'latch register --nextflow' or Python code generation (references/workflow-creation.md).
      • Boundary markers: Absent; no instructions are provided to the agent on how to delimit or ignore instructions within processed data.
      • Capability inventory: 'latch register' (docker build/push), 'latch execute' (cloud RCE), 'get_secret' (credential access), and 'Record.update' (registry modification).
      • Sanitization: Absent; the skill assumes all processed code and metadata are safe for deployment.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 09:21 AM