Differential Gene Expression Analysis (RNA-seq)

Security checks across malware telemetry and agentic risk

Overview

This RNA-seq analysis skill appears purpose-aligned, with the main caveat that it may download and install R/Bioconductor packages before running.

Install only if you are comfortable with the skill contacting CRAN/Bioconductor and modifying your R package library. Review the package installation lines first if you need a locked or offline R environment, and provide your own count_matrix.csv before running.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The description explicitly states the skill performs differential gene analysis using simulated expression data. However, the implementation loads data from `input/count_matrix.csv`, which indicates it operates on provided external input rather than generating or using simulated data. This is a direct contradiction between the documented intent and actual behavior.

Missing User Warnings

Medium
Confidence: 94%
Finding
The embedded R code installs packages from CRAN/Bioconductor, which changes the user's environment and may perform network access. The surrounding skill description does not warn that running the skill will download/install dependencies or modify the R setup.

VirusTotal

66/66 vendors flagged this skill as clean.
