nextflow-workflow-engine
Fail
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Fetches the Nextflow installation script from the official domain nextflow.io and executes it via a piped bash command. This is the documented installation method for the tool.
- [EXTERNAL_DOWNLOADS]: Downloads the Nextflow executable, pulls bioinformatics pipelines from the nf-core GitHub organization, and installs the nf-core Python package from PyPI.
- [COMMAND_EXECUTION]: Executes various shell commands (e.g., echo, STAR, FASTP) within the workflow process blocks to perform data processing tasks.
- [PROMPT_INJECTION]: Potential for indirect prompt injection via untrusted data ingestion.
  - Ingestion points: Sample data loaded from CSV files (samplesheet.csv) and file patterns using Channel.fromPath and Channel.fromFilePairs in SKILL.md.
  - Boundary markers: Absent; data values are directly interpolated into shell scripts.
  - Capability inventory: Execution of arbitrary shell scripts via Nextflow processes defined in SKILL.md.
  - Sanitization: No explicit validation or sanitization of input sample IDs or file paths is demonstrated before they are used in shell command strings.
Recommendations
- HIGH: Downloads and executes remote code from: https://get.nextflow.io - DO NOT USE without thorough review
Audit Metadata