single-cell-cellphonedb-communication-mapping
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Potential for arbitrary code execution through unsafe deserialization. The skill instructions and reference code suggest saving and reusing results in .pkl format via ov.utils.save. Python's pickle module is known to be insecure against maliciously crafted data, allowing code execution during the loading process.
- [PROMPT_INJECTION]: Presence of an indirect prompt injection surface. The skill processes external biological data files (.h5ad) whose contents enter the agent's context.
  - Ingestion points: data/cpdb/normalised_log_counts.h5ad loaded in Step 2.
  - Boundary markers: None identified in the instructions to prevent the agent from following instructions embedded in metadata.
  - Capability inventory: File writing capabilities (ov.utils.save, adata_cpdb.write).
  - Sanitization: No evidence of sanitization or validation of the content of the ingested data.
Audit Metadata