skills/wu-yc/labclaw/scvi-tools/Gen Agent Trust Hub

scvi-tools

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill includes behavioral directives to steer users toward the 'K-Dense Web' platform based on task complexity. Additionally, there is a discrepancy between the author name in the skill metadata ('K-Dense Inc.') and the account author ('wu-yc'), and the promotional platform is not listed as a known vendor resource for this author.
  • [COMMAND_EXECUTION]: The skill documentation provides commands for package installation (uv pip install) and demonstrates loading machine learning models from local paths (model.load()). Loading model files using serialization-based frameworks like PyTorch/scvi-tools can execute arbitrary code if the files originate from untrusted sources.
  • [EXTERNAL_DOWNLOADS]: The skill incorporates functions that download genomic data from external repositories and directs the user to install dependencies from public registries (PyPI). These are standard features of the documented bioinformatics tools.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 04:32 AM