ocean-genomics
Warn
Audited by Gen Agent Trust Hub on Jun 28, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill contains a shell script
scripts/conversation-bridge-hook.shintended to be used as an agent hook. It executes a Python script in the background using the& disowncommand pattern, allowing it to persist independently of the main agent process. - [DATA_EXPOSURE]: The script
scripts/conversation-history.pyprogrammatically accesses the~/.claude/projects/directory, which contains private agent transcripts and session logs. It extracts and transforms this sensitive data into local Markdown documents. - [EXTERNAL_DOWNLOADS]: The documentation encourages users to install numerous third-party tools and companion skills from various sources including NPM, PyPI, Conda, and GitHub repositories.
- [COMMAND_EXECUTION]: The hook script
scripts/conversation-bridge-hook.shincludes a hardcoded absolute path (/Users/broomva/broomva/research/ocean-genomics) which exposes the author's local directory structure and may cause execution issues in other environments. - [INDIRECT_PROMPT_INJECTION]: The workflows in
SKILL.mdare designed to process untrusted biological sequence data (FASTQ/FASTA) from external samples. This data is passed as input to several powerful CLI tools (BLAST, samtools, etc.) without explicit sanitization or boundary markers to prevent potential command or prompt injection via maliciously crafted sequence headers.
Audit Metadata