Skills
skills/ligphidonk/oh-my--paper/bioinformatics-init-analysis/Gen Agent Trust Hub

bioinformatics-init-analysis

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection due to the ingestion of untrusted biological data.\n
  • Ingestion points: scripts/step1_load_data.py reads marker names and metadata from user-controlled files (CSV, H5AD, FCS).\n
  • Boundary markers: There are no explicit boundary markers or instructions to the agent to ignore potentially malicious content within these data-derived strings.\n
  • Capability inventory: The skill uses run_terminal and write_file, providing a capability set that could be targeted by successful injection.\n
  • Sanitization: The scripts/step7_report.py script performs direct string interpolation of markers and metadata into an HTML report without escaping, which could lead to XSS or influence subsequent agent steps if the report content is re-ingested.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 19, 2026, 01:26 PM