bioinformatics
Fail
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill clones data from
https://github.com/GPTomics/bioSkills.gitandhttps://github.com/ClawBio/ClawBio.git, which are not categorized as trusted sources. - [COMMAND_EXECUTION]: Instructs the agent to perform privileged operations via
sudo apt install, which can be used to compromise the system. - [REMOTE_CODE_EXECUTION]: Directs the agent to install dependencies and execute Python scripts fetched from the untrusted
ClawBiorepository. - [COMMAND_EXECUTION]: Employs several powerful shell tools including
git,cat, and various package managers to handle external code. - [PROMPT_INJECTION]: Vulnerable to indirect prompt injection because it reads and follows expert guides from external repositories using
catwithout delimiters or sanitization. - Ingestion points: SKILL.md and README.md files in the cloned repository paths.
- Boundary markers: None present.
- Capability inventory: File system access, shell execution, and Python runtime.
- Sanitization: No content validation or filtering.
- Remediation: Implement boundary markers for external content and avoid recommending sudo for package installation.
Recommendations
- AI detected serious security threats
Audit Metadata