single-cell-downstream-analysis
Warn
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes library functions like `ov.utils.download_GDSC_data()` and `ov.utils.download_CaDRReS_model()` to fetch external datasets and pre-trained models required for drug response analysis.
- [EXTERNAL_DOWNLOADS]: Instructions are provided to clone an external GitHub repository (`https://github.com/CSB5/CaDRReS-Sc`) to obtain supplementary scripts needed for the `Drug_Response` module.
- [COMMAND_EXECUTION]: The `ov.single.Drug_Response` function takes a `scriptpath` argument pointing to the cloned `CaDRReS-Sc` directory, which indicates that it executes external code from that path.
- [COMMAND_EXECUTION]: The skill uses `ov.utils.save` to persist analysis objects (e.g., `scenic_obj`), which likely employs Python's `pickle` module. This poses a risk of unsafe deserialization if these files are manipulated or retrieved from untrusted sources.
- [REMOTE_CODE_EXECUTION]: The combination of cloning a remote repository and subsequently executing its contents via library functions constitutes a remote code execution vector from a non-whitelisted source.
- [PROMPT_INJECTION]: The skill ingests untrusted biological data (AnnData, feather databases, motif tables) from external and local sources. This represents an attack surface for indirect prompt injection.
  - Ingestion points: `AnnData` objects via dataset loaders, `*.feather` databases, and `*.tbl` files in the SCENIC module.
  - Boundary markers: None detected in the prompt instructions to isolate data from agent instructions.
  - Capability inventory: Includes file writing (`adata.write`, `ov.utils.save`) and external code execution (`ov.single.Drug_Response`).
  - Sanitization: No specific sanitization or validation logic is applied to the content of ingested biological data before processing.
Audit Metadata