biomni
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (HIGH): The framework is designed to autonomously execute LLM-generated code with full system privileges, as stated in its own documentation. This presents a significant risk of arbitrary command execution if the agent is compromised.
- REMOTE_CODE_EXECUTION (HIGH): The agent.go function dynamically generates and executes code based on user prompts, creating a direct path to remote code execution on the user's machine.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill initiates an 11GB data download upon first use. Without verified integrity checks (e.g. a pinned checksum or signature) or trusted-source status for the download endpoint, this poses a supply chain risk.
- PROMPT_INJECTION (LOW): As a data-processing agent (Category 8), it is vulnerable to indirect prompt injection from the biomedical datasets it analyzes, which could lead the LLM to generate and execute malicious code via its primary workflow.
Recommendations
- AI detected serious security threats
Audit Metadata