pydeseq2
Warn
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The documentation and reference guides (references/workflow_guide.md and references/api_reference.md) explicitly recommend and provide examples of using the 'pickle' module to load count data and analysis results.
  - Evidence: Documented examples such as 'with open("counts.pkl", "rb") as f: counts_df = pickle.load(f)' and 'with open("dds_result.pkl", "rb") as f: adata = pickle.load(f)'.
  - Risk: The 'pickle' module is inherently unsafe as it can execute arbitrary Python code during the loading process. If a user is prompted to load a malicious .pkl or .dds file provided by an untrusted source, their system could be fully compromised.
  - Remediation: Use safer alternatives for data persistence such as Parquet, HDF5 (AnnData's native format), or JSON when possible. If pickle must be used, include explicit security warnings regarding untrusted files.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by ingesting and processing external data files (CSV/TSV) which are then used to influence the agent's context and output.
  - Ingestion points: 'counts.csv' and 'metadata.csv' files are loaded via 'pd.read_csv()' in the 'scripts/run_deseq2_analysis.py' script.
  - Boundary markers: There are no explicit boundary markers or instructions to the agent to ignore potentially malicious content embedded within the metadata or column headers of the provided files.
  - Capability inventory: The skill has the ability to read and write files, generate visualizations, and the documented examples include unsafe deserialization capabilities.
  - Sanitization: While the script performs basic numeric validation (checking for non-negative integers) on count data, it does not sanitize metadata strings, which could contain instructions designed to mislead the AI agent during the 'Result Interpretation' phase.