biomni

Fail

Audited by Socket on Feb 16, 2026

1 alert found:

Malware (HIGH)
SKILL.md

[Skill Scanner] Installation of third-party script detected

All findings:
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]

This skill is coherent with its stated purpose but contains high-risk capabilities that are unnecessary to grant by default without enforced protections. The primary hazards are arbitrary execution of LLM-generated code with full system privileges, configurable external MCP servers that can receive sensitive data, and automatic large data downloads without described integrity verification. I find no explicit hardcoded secrets or obfuscated/malicious code in the provided documentation, but the operational design requires strict sandboxing, integrity checks for downloads, and careful MCP endpoint vetting before use. Treat as potentially dangerous unless run in isolated, well-audited environments and after validating data sources and MCP server endpoints.

LLM verification: The Biomni fragment outlines a plausible autonomous biomedical AI agent framework, yet its current documentation contains several security and reliability gaps (typos in install commands, unpinned dependencies, credential exposure risks, and large local data handling without explicit safeguards). It should be treated with caution and hardened before deployment: fix installation instructions, adopt pinned version constraints and reproducible builds, implement secure credential management (secret

Confidence: 95%
Severity: 90%
Audit Metadata

Analyzed At: Feb 16, 2026, 10:49 AM
Package URL: pkg:socket/skills-sh/microck%2Fordinary-claude-skills%2Fbiomni%2F@0be82c2916069dcceaf5ebbb10ea85ea40ec12e9