anndata
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
Tags: EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The documentation in references/io_operations.md describes methods for downloading and parsing data from untrusted URLs using ad.read_h5ad(url) and fsspec.get_mapper(url).
- [Indirect Prompt Injection] (MEDIUM): The skill identifies ingestion points for untrusted data without providing security controls. Evidence Chain:
  1. Ingestion points: references/io_operations.md documents read_h5ad, read_csv, read_excel, and read_zarr.
  2. Boundary markers: Absent; no instructions for delimiting or ignoring embedded content in datasets.
  3. Capability inventory: references/io_operations.md documents file-write operations (write_h5ad, write_zarr) and network access (fsspec).
  4. Sanitization: Absent; no mention of content validation.
- [Data Exposure & Exfiltration] (LOW): The file references/io_operations.md documents patterns for writing data to remote storage (e.g., S3 buckets or Zarr stores via URLs), which could be leveraged for data exfiltration if an agent is compromised via indirect injection.
Audit Metadata