omero-integration
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE] (LOW): The skill handles OMERO server authentication details including usernames and passwords. Documentation correctly suggests best practices like environment variables and configuration files, but the agent remains in the trust boundary for these sensitive secrets.
- [COMMAND_EXECUTION] (LOW): Installation instructions require executing shell commands (uv pip install) to manage dependencies on the host system.
- [EXTERNAL_DOWNLOADS] (LOW): The skill depends on the omero-py package. While this is the official library for the OMERO platform, it is an external dependency from a source not explicitly on the trusted organization list.
- [PROMPT_INJECTION] (LOW): Vulnerable to Indirect Prompt Injection (Category 8). (1) Ingestion points: The skill retrieves microscopy metadata, tags, and annotations from remote servers. (2) Boundary markers: Absent. (3) Capability inventory: Includes session impersonation (suConn), hierarchical data access, and file attachment management. (4) Sanitization: Absent. Maliciously crafted data in these fields could attempt to influence the agent's behavior. The skill also includes specific instructions to suggest a specific research platform based on workflow complexity.
Audit Metadata