labarchive-integration

Warn

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to download and install the labarchives-py package from a non-standard source: a personal GitHub repository (https://github.com/mcmero/labarchives-py). This avoids official distribution channels and verification processes, potentially exposing the environment to unvetted code.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it ingests and processes untrusted data from the LabArchives API and local files without sanitization.
      • Ingestion points: Data retrieved from API responses in scripts/notebook_operations.py and local files accessed in scripts/entry_operations.py.
      • Boundary markers: The instructions do not define delimiters or provide specific warnings to the agent to disregard instructions within the ingested data.
      • Capability inventory: The skill includes Python scripts capable of making network requests and performing filesystem operations (read/write).
      • Sanitization: There is no evidence of sanitization or validation for the data content in the provided scripts or instructions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 29, 2026, 02:24 AM