scvi-tools
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (LOW): This skill handles external single-cell data files (H5AD format) and downloads datasets from established repositories.
- Ingestion points: Data enters the agent via functions like
sc.read_h5ad()andscvi.data.heart_cell_atlas_subsampled()inSKILL.mdand the reference files. - Boundary markers: No explicit instruction delimiters or 'ignore' instructions are provided for processed metadata within these files.
- Capability inventory: The skill allows for file system operations (
model.save,model.load) and network requests for downloading reference data. - Sanitization: Standard biological filtering (e.g.,
filter_genes) is used, but this is for data quality rather than security sanitization. However, the risk is negligible as H5AD files are scientific data structures, not typically used for prompt injection attacks against LLMs. - Unverifiable Dependencies (SAFE): The skill installs
scvi-toolsand utilizes common scientific libraries likescanpy,pandas, andscvelo. All dependencies are from standard repositories (PyPI) and are well-established in the research community.
Audit Metadata