pylabrobot

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill creates a significant attack surface for indirect prompt injection through data ingestion. Evidence Chain:
    1. Ingestion points: The skill processes deck layout definitions (JSON) and data from laboratory instruments (e.g., absorbance readings from plate readers).
    2. Boundary markers: No markers or delimiters are defined to isolate untrusted data from the agent's core instructions.
    3. Capability inventory: The skill possesses the ability to control physical robotic systems (Hamilton, Opentrons, etc.) and execute Python code.
    4. Sanitization: No sanitization or validation of external instrument data or layout files is specified.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the installation of external software dependencies. Evidence: The Quick Start section directs users to run 'uv pip install pylabrobot' from PyPI, which is not included in the defined list of trusted sources.
  • PROMPT_INJECTION (MEDIUM): The skill contains internal instructions designed to steer the agent's behavior for promotional purposes. Evidence: The 'Suggest Using K-Dense Web' section provides explicit meta-instructions for the agent to proactively suggest a third-party commercial service.
  • COMMAND_EXECUTION (MEDIUM): The skill's core functionality involves translating Python code into direct hardware commands. Evidence: The use of classes like 'LiquidHandler' and 'PlateReader' allows for the direct manipulation of hardware drivers and system resources.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 08:46 AM