tiledbvcf
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install several well-known scientific computing packages (tiledb-py, tiledbvcf-py, pandas, etc.) from trusted registries including Conda-forge, Bioconda, and PyPI.
- [DATA_EXPOSURE]: Code examples demonstrate exporting genomic data to the user's home directory using `os.path.expanduser("~")`. This is a sensitive path access used here for legitimate local file output.
- [COMMAND_EXECUTION]: The skill includes instructions for running command-line tools for dataset management and package installation (conda, mamba, docker, tiledbvcf CLI). These are standard operations for this type of software.
- [INDIRECT_PROMPT_INJECTION]: The skill defines an attack surface for indirect prompt injection as it is designed to ingest and process external genomic variant files (VCF/BCF).
  - Ingestion points: The `ds.ingest_samples()` method reads data from external file paths.
  - Boundary markers: None identified in the provided prompts.
  - Capability inventory: The skill has the capability to write files to the local filesystem and interact with cloud storage (S3, GCS, Azure).
  - Sanitization: No explicit sanitization of input file content is described in the prompt logic.
Audit Metadata