skills/wu-yc/labclaw/pydeseq2/Gen Agent Trust Hub

pydeseq2

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION

Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the pydeseq2 package and its scientific dependencies from standard package registries.
  • [PROMPT_INJECTION]: The skill's primary function involves processing external data files (CSV, TSV, AnnData), which serves as an ingestion surface for potentially untrusted content that could contain indirect prompt instructions.
      • Ingestion points: pd.read_csv and ad.read_h5ad calls within SKILL.md.
      • Boundary markers: No explicit markers or delimiters are suggested for isolating external data content.
      • Capability inventory: The skill has the capability to write files (to_csv, pickle.dump) and references a standalone execution script scripts/run_deseq2_analysis.py.
      • Sanitization: No evidence of input validation or sanitization for metadata or gene labels is provided.
  • [COMMAND_EXECUTION]: The documentation suggests using the pickle module for data serialization and persistence. This presents a risk of arbitrary code execution if a user is induced to load a maliciously crafted pickle file.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 15, 2026, 04:32 AM