single-cell-annotation-skills-with-omicverse

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE [PROMPT_INJECTION] [EXTERNAL_DOWNLOADS]
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches scientific datasets, model weights, and ontology files from established research repositories including Figshare (figshare.com), 10x Genomics, Hugging Face, the OBO Foundry (obolibrary.org), and the China National Center for Bioinformation (cncb.ac.cn).
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface (Category 8), based on the following evidence chain:
      (1) Ingestion points: The skill reads genomic counts and metadata from .h5ad and .mtx files using sc.read_10x_mtx, sc.read, and ad.read_h5ad in reference.md.
      (2) Boundary markers: The prompts generated for the LLM contain no explicit delimiters and no instructions to ignore embedded content.
      (3) Capability inventory: Marker gene names extracted from the data are passed to LLM providers (OpenAI, Qwen, etc.) via ov.single.CellVote, ov.single.gptcelltype, and ov.single.gptcelltype_local.
      (4) Sanitization: There is no evidence that the gene markers are sanitized or validated before they are interpolated into the LLM prompts.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 09:52 AM