pydeseq2
Warn
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [DYNAMIC_EXECUTION]: The skill uses the 'pickle' module for data persistence across multiple files. Specifically, 'references/workflow_guide.md' and 'SKILL.md' provide code examples using 'pickle.load()' to restore counts DataFrames and analysis objects. This practice is inherently insecure, as 'pickle' can execute arbitrary code during deserialization if the input file is maliciously crafted.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process untrusted external data, forming a surface for indirect prompt injection attacks.
  - Ingestion points: CSV and TSV count matrices and metadata files are loaded via 'pd.read_csv()' in 'scripts/run_deseq2_analysis.py'.
  - Boundary markers: There are no explicit delimiters or instructions to the agent to ignore embedded text within the processed data.
  - Capability inventory: The skill has file system write access (saving CSVs and pickles) and can execute complex data processing logic.
  - Sanitization: The implementation performs basic structural validation (e.g., checking for negative values) but lacks content-based sanitization to prevent the agent from interpreting data values as instructions.
- [COMMAND_EXECUTION]: The skill includes a standalone script, 'scripts/run_deseq2_analysis.py', that takes several command-line arguments. These arguments, such as '--design' and '--contrast', are passed directly into the pydeseq2 library functions. If an agent populates these arguments using untrusted input without sufficient sanitization, it could lead to tool-use abuse or unexpected library behavior.
Audit Metadata