pydeseq2
Warn
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: MEDIUM
REMOTE_CODE_EXECUTION COMMAND_EXECUTION PROMPT_INJECTION EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documents and implements data persistence using the Python pickle module. Specifically, references/workflow_guide.md contains examples of loading analysis results using pickle.load(). Insecure deserialization via pickle can be exploited for arbitrary code execution if the input file originates from an untrusted source or has been tampered with.
- [COMMAND_EXECUTION]: The skill provides a Python script (scripts/run_deseq2_analysis.py) for executing the differential expression pipeline. The script performs file-based operations and data processing tasks based on command-line arguments.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests untrusted external data from CSV and AnnData files. While no direct command injection was found, the combination of external data ingestion and file-writing capabilities creates a potential path for multi-step exploitation.
  - Ingestion points: Reads count matrices and sample metadata from CSV files (counts.csv, metadata.csv) and AnnData files (data.h5ad).
  - Boundary markers: The instructions lack specific delimiters or guardrails to prevent the agent from interpreting instructions that might be embedded within the processed data files.
  - Capability inventory: The skill includes a script (scripts/run_deseq2_analysis.py) that performs local file system reads and writes for processing genomic data.
  - Sanitization: External data is processed using standard methods such as pandas.read_csv without implementation-specific sanitization or content validation for malicious payloads.
- [EXTERNAL_DOWNLOADS]: The skill references the pydeseq2 package for installation and points to official documentation and source code hosted at well-known domains, including pydeseq2.readthedocs.io and github.com/owkin/PyDESeq2.
Audit Metadata