histolab
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOWEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [Category 4: External Downloads] (LOW): The skill utilizes functions such as prostate_tissue() to download sample datasets from external sources (TCGA). While common for library documentation, this involves external data retrieval.
- [Category 8: Indirect Prompt Injection] (LOW): The skill processes untrusted Whole Slide Images (WSI), representing a data ingestion point that could be exploited via vulnerabilities in underlying image-parsing libraries. 1. Ingestion points: Slide(slide_path=...). 2. Boundary markers: Absent. 3. Capability inventory: Writing thumbnails and processed tiles to the local filesystem. 4. Sanitization: None identified; reliance is placed on external library security.
- SAFE (SAFE): No active malicious patterns, such as hardcoded credentials, exfiltration commands, or obfuscated payloads, were detected.
Audit Metadata