imaging-data-commons

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill exposes a critical Indirect Prompt Injection surface.
      • Ingestion points: The idc download and idc download-from-manifest commands in references/cli_guide.md ingest external identifiers (CollectionID, PatientID) and manifest file contents.
      • Boundary markers: There are no specified boundary markers to isolate these inputs from the execution logic.
      • Capability inventory: The tool possesses file-write capabilities and manages subprocesses (e.g., s5cmd).
      • Sanitization: The instructions do not define sanitization for identifiers used in --dir-template, enabling path traversal (e.g., PatientID=../../etc/) to overwrite system files.
  • [COMMAND_EXECUTION] (MEDIUM): The tool executes system-level download and sync operations based on parameters derived from external manifest files and user-controlled templates.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill documentation recommends installing idc-index via pip. While standard, this represents an external dependency that requires source verification.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 12:32 PM