pylabrobot
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to process external laboratory protocols and deck layouts which can be loaded from JSON files. This creates a high-risk surface for physical side effects.
- Ingestion points: Ingests deck layouts and state management data through JSON serialization/deserialization as described in the Resource Management section.
- Boundary markers: No explicit boundary markers or instruction-guarding mechanisms are mentioned for data parsed from JSON.
- Capability inventory: Full control over laboratory robots (Hamilton, Opentrons, Tecan), including movement, pipetting, heating, and centrifugation via the
LiquidHandlerand various hardware backends. - Sanitization: No evidence of sanitization or validation for protocol instructions parsed from external sources.
- [External Downloads] (MEDIUM): The Quick Start guide instructs the user to install the
pylabrobotpackage usinguv pip install. - Evidence: The package is hosted on PyPI and GitHub (PyLabRobot/pylabrobot), which are not within the defined 'Trusted Source' scope for automated safety downgrades.
- [Command Execution] (HIGH): The core functionality involves executing commands that result in physical hardware movement.
- Evidence: Operations like
lh.setup(),lh.aspirate(), andpr.read_absorbance()translate high-level Python commands into hardware-level instructions. Subversion of these commands through malicious input could lead to laboratory accidents.
Recommendations
- AI detected serious security threats
Audit Metadata