tooluniverse-rnaseq-deseq2

Verdict: Warn

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: MEDIUM
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/convert_rds_to_csv.py is vulnerable to code injection. It builds an R script with f-strings that interpolate the user-supplied file paths (rds_path and csv_path) into R string literals, then runs it via subprocess.run(['Rscript', ...]). Because the list form of subprocess.run is used, this is not shell injection; the injection happens inside R. A path containing R syntax (e.g. "); system("rm -rf /"); #) closes the string literal, and the remainder is parsed and executed as R code. Since R's system() runs shell commands, this amounts to arbitrary command execution with the privileges of the process that launched Rscript.
  • [COMMAND_EXECUTION]: The skill calls the system binaries R and Rscript through subprocess.run. This is necessary for RDS file handling, but it enlarges the attack surface: any input that reaches those calls has to be treated as untrusted.
  • [CREDENTIALS_UNSAFE]: The .env.template file prompts for several sensitive API keys (NVIDIA, OMIM, BioGrid, etc.) for the ToolUniverse platform. The template itself is harmless, but the skill is designed to hold these credentials and transmit them to external vendor services, so they need to be protected like any other secret.
  • [EXTERNAL_DOWNLOADS]: The skill uses gseapy, which downloads gene set libraries from the Enrichr web service at run time, and integrates with ToolUniverse for gene annotation via external APIs.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through data ingestion:
      ◦ Ingestion points: count matrices and metadata loaded via scripts/load_count_matrix.py and scripts/convert_rds_to_csv.py.
      ◦ Boundary markers: none present; biological data is processed directly as pandas DataFrames.
      ◦ Capability inventory: file system access and subprocess execution (Rscript) in scripts/convert_rds_to_csv.py.
      ◦ Sanitization: none; file paths are interpolated into the generated R script without any validation.
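The interpolation flaw described in the findings above, and the shape of a fix, as an added illustration written for this audit. It is not the skill's own scripts/convert_rds_to_csv.py; the function names, the character allowlist and the sample payload are assumptions. The hardened variant keeps the R source constant and hands the paths to R as separate argv entries read with commandArgs(trailingOnly = TRUE), so they can never be parsed as code; the allowlist check is defense in depth on top of that.

```python
"""Added example for this audit page: the f-string R-script pattern next to a
hardened variant. Illustrative code, not the skill's scripts/convert_rds_to_csv.py;
function names, the allowlist and the payload below are assumptions."""
import re
import subprocess
from pathlib import Path

# Constructed payload in the shape the audit describes. The prefix must name a
# readable RDS file: in non-interactive Rscript an error in readRDS() aborts the
# script before system() is reached. The quote closes the R string literal,
# system() runs a shell command, and '#' comments out the rest of the line.
PAYLOAD = 'counts.rds"); system("id"); #'


# ---- Vulnerable pattern -----------------------------------------------------
def build_r_script_vulnerable(rds_path: str, csv_path: str) -> str:
    """Splices caller-controlled paths straight into R source (the flaw)."""
    return (
        f'obj <- readRDS("{rds_path}"); '
        f'write.csv(as.data.frame(obj), "{csv_path}", row.names = FALSE)'
    )


def convert_vulnerable(rds_path: str, csv_path: str, runner=subprocess.run):
    """No shell=True, so this is not shell injection; the injection happens
    inside R, where system() hands the attacker a shell anyway."""
    argv = ["Rscript", "-e", build_r_script_vulnerable(rds_path, csv_path)]
    return runner(argv, check=True)


# ---- Hardened pattern -------------------------------------------------------
# The R source is a fixed constant. Paths travel as separate argv entries and
# are read inside R with commandArgs(trailingOnly = TRUE), so they are data,
# never code, whatever characters they contain.
R_CONVERT_SCRIPT = (
    "args <- commandArgs(trailingOnly = TRUE); "
    "stopifnot(length(args) == 2); "
    "obj <- readRDS(args[1]); "
    "write.csv(as.data.frame(obj), args[2], row.names = FALSE)"
)

# Conservative allowlist for path characters (an assumption of this example:
# letters, digits, dot, underscore, dash and slash; no quotes, spaces or NULs).
_BAD_CHARS = re.compile(r"[^A-Za-z0-9._/\-]")


def validate_path(path: str, suffix: str) -> Path:
    """Defense in depth: reject anything outside the allowlist or with the
    wrong extension. Existence and readability are left to readRDS()."""
    if _BAD_CHARS.search(path):
        raise ValueError(f"path contains disallowed characters: {path!r}")
    p = Path(path)
    if p.suffix.lower() != suffix:
        raise ValueError(f"expected a {suffix} file, got {path!r}")
    return p.resolve()


def hardened_argv(rds_path: str, csv_path: str) -> list:
    """Script constant, paths as argv: safe even before validate_path runs."""
    return ["Rscript", "-e", R_CONVERT_SCRIPT, rds_path, csv_path]


def convert_hardened(rds_path: str, csv_path: str, runner=subprocess.run):
    rds = validate_path(rds_path, ".rds")
    csv = validate_path(csv_path, ".csv")
    return runner(hardened_argv(str(rds), str(csv)), check=True)


if __name__ == "__main__":
    # Show the two generated command lines side by side without invoking R.
    print("vulnerable:", build_r_script_vulnerable(PAYLOAD, "out.csv"))
    print("hardened  :", hardened_argv(PAYLOAD, "out.csv"))
```

The `runner` parameter exists only so the command line can be inspected without an R installation; in the skill it would be subprocess.run itself. The allowlist is deliberately strict and would reject legitimate paths with spaces or non-ASCII characters; the argv separation is what actually closes the injection, and the allowlist is the second layer.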
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 29, 2026, 11:45 PM