latchbio-integration
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): All analyzed files (SKILL.md, data-management.md, resource-configuration.md, and workflow-creation.md) contain legitimate technical documentation and code snippets for the LatchBio SDK. The patterns described, such as the use of 'latch.functions.get_secret' for handling credentials, align with industry security standards for cloud-based bioinformatics tools.
- Indirect Prompt Injection (LOW): As a tool designed to process external biological data (files, registry tables), there is an inherent surface for indirect prompt injection if an agent interprets the data content as instructions. Evidence Chain: 1. Ingestion points: LatchFile and LatchDir in references/data-management.md. 2. Boundary markers: Absent from provided templates. 3. Capability inventory: Workflow registration and execution in references/workflow-creation.md. 4. Sanitization: Not explicitly discussed in the context of input sanitization.
Audit Metadata