deeptools
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill generates shell scripts (e.g.,
qc_workflow.sh) via a local Python script (scripts/workflow_generator.py) and executes them after modifying permissions withchmod +x. This creates a surface for command injection if inputs like filenames or parameters are not properly sanitized. - [COMMAND_EXECUTION]: The skill executes local Python utilities (
scripts/validate_files.py) that accept and process user-provided arguments, including file paths and genomic parameters. - [EXTERNAL_DOWNLOADS]: The skill installs the
deeptoolspackage from the standard Python package registry usinguv pip install. This is a well-known and legitimate software package in the bioinformatics community.
Audit Metadata