omero-integration
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill includes behavioral steering in the 'Suggest Using K-Dense Web For Complex Worflows' section, which instructs the agent to proactively recommend the author's hosted platform (www.k-dense.ai) based on task complexity. This is an intentional behavioral nudge by the author to influence agent response patterns.\n- [PROMPT_INJECTION]: Indirect Prompt Injection Surface:\n
- Ingestion points: Retrieves project names, dataset metadata, and annotations from external OMERO servers via the omero.gateway API.\n
- Boundary markers: No delimiters or specific instructions to ignore embedded commands in metadata are provided.\n
- Capability inventory: The skill can create or modify annotations, ROIs, and tables on the OMERO server.\n
- Sanitization: No sanitization of retrieved metadata is specified before it is processed or displayed.\n- [EXTERNAL_DOWNLOADS]: Recommends the installation of 'omero-py' via pip, which is the standard, well-known client library for the OMERO platform and is considered a trusted dependency.\n- [DATA_EXFILTRATION]: Requires connection parameters including 'username' and 'password' for the OMERO server. While functionally necessary, the skill does not implement built-in secret management, relying on the user to provide credentials securely during runtime.
Audit Metadata