📦
سجل التدقيق
sragent - 6 عمليات التدقيق
إصدار التدقيق 6
الأحدث مخاطر متوسطةJun 28, 2026, 10:25 AM
Static findings are mostly expected for a research workflow skill that runs the SRAgent CLI, queries public genomics services, and downloads papers. No prompt injection, credential exfiltration, or malicious intent was found, but troubleshooting guidance can expose API keys or .env contents and should be treated as a publication warning.
6
الملفات التي تم فحصها
2,011
الأسطر التي تم تحليلها
9
النتائج
codex
تم تدقيقه بواسطة
مشكلات متوسطة المخاطر (3)
Troubleshooting Guidance Can Reveal Credentials
The skill includes commands that echo API key variables, grep environment variables containing API_KEY, and print .env contents. This is useful for setup debugging, but it can disclose secrets into chat logs or terminal output.
External CLI Execution With User-Supplied Research Inputs
The skill instructs the agent to run SRAgent through shell commands and bash_tool examples. This is central to the skill, but accession values and CSV paths should be validated before being placed in shell commands.
Network Downloads and Local File Writes Are Expected Behavior
The papers workflow retrieves publications from public sources and writes PDFs or enriched CSV files to output directories. This creates normal network and filesystem exposure for a publication-retrieval skill, not evidence of malicious exfiltration.
مشكلات منخفضة المخاطر (2)
Static Sensitive-File and Crypto Matches Are False Positives
BioSample accession examples such as SAMN are biological identifiers, not Windows SAM database access. Old instrument names such as LS454 are sequencing platforms, not weak cryptographic algorithms.
Hidden Home Directory Access Is Installation Guidance
The ~/.claude/skills path is used to install the skill for Claude Code. It is not evidence of stealthy hidden-file access or unauthorized reading of user data.
عوامل الخطر
⚙️ الأوامر الخارجية (4)
🌐 الوصول إلى الشبكة (4)
📁 الوصول إلى نظام الملفات (4)
الأنماط المكتشفة
Shell Command Invocation PatternSecret-Printing Troubleshooting Pattern
إصدار التدقيق 5
آمنJan 16, 2026, 04:16 PM
All 413 static findings are false positives. The skill consists only of markdown documentation files. No executable code exists in this skill. The static analyzer incorrectly flagged markdown code block delimiters, example environment variable placeholders, and NCBI field names as security issues.
7
الملفات التي تم فحصها
2,271
الأسطر التي تم تحليلها
4
النتائج
claude
تم تدقيقه بواسطة
لا توجد مشكلات أمنية
عوامل الخطر
⚙️ الأوامر الخارجية (281)
README.md:8-20 README.md:20-25 README.md:25-37 README.md:37-40 README.md:40-46 README.md:46-53 README.md:53-56 README.md:56-71 README.md:71-74 README.md:74-77 README.md:77-81 README.md:81-84 README.md:84-88 README.md:88-92 README.md:92-93 README.md:93-94 README.md:94-95 README.md:95-109 README.md:109-110 README.md:110-114 README.md:114-115 README.md:115-116 README.md:116-120 README.md:120-121 references/metadata-fields.md:10-16 references/metadata-fields.md:16-19 references/metadata-fields.md:19-24 references/metadata-fields.md:24-27 references/metadata-fields.md:27-33 references/metadata-fields.md:33-38 references/metadata-fields.md:38-48 references/metadata-fields.md:48-51 references/metadata-fields.md:51-60 references/metadata-fields.md:60-63 references/metadata-fields.md:63-74 references/metadata-fields.md:74-77 references/metadata-fields.md:77-85 references/metadata-fields.md:85-88 references/metadata-fields.md:88-96 references/metadata-fields.md:96-101 references/metadata-fields.md:101-109 references/metadata-fields.md:109-112 references/metadata-fields.md:112-130 references/metadata-fields.md:130-133 references/metadata-fields.md:133-140 references/metadata-fields.md:140-143 references/metadata-fields.md:143-149 references/metadata-fields.md:149-154 references/metadata-fields.md:154-167 references/metadata-fields.md:167-170 references/metadata-fields.md:170-182 references/metadata-fields.md:182-187 references/metadata-fields.md:187-198 references/metadata-fields.md:198-201 references/metadata-fields.md:201-213 references/metadata-fields.md:213-216 references/metadata-fields.md:216-221 references/metadata-fields.md:221-226 references/metadata-fields.md:226-235 references/metadata-fields.md:235-238 references/metadata-fields.md:238-243 references/metadata-fields.md:243-248 references/metadata-fields.md:248-256 references/metadata-fields.md:256-259 references/metadata-fields.md:259-269 references/metadata-fields.md:269-274 references/metadata-fields.md:274-289 references/metadata-fields.md:289-292 references/metadata-fields.md:292-305 references/metadata-fields.md:305-310 references/metadata-fields.md:310-316 references/metadata-fields.md:316-319 references/metadata-fields.md:319-331 references/metadata-fields.md:331-334 references/metadata-fields.md:334-345 references/metadata-fields.md:345-350 references/metadata-fields.md:350-390 references/metadata-fields.md:390-414 references/metadata-fields.md:414-416 references/metadata-fields.md:416-419 references/metadata-fields.md:419-426 references/metadata-fields.md:426-429 references/metadata-fields.md:429-431 references/metadata-fields.md:431-434 references/metadata-fields.md:434-440 references/metadata-fields.md:440-443 references/metadata-fields.md:443-445 references/metadata-fields.md:445-448 references/metadata-fields.md:448-454 references/metadata-fields.md:454-459 references/metadata-fields.md:459-465 references/metadata-fields.md:465-468 references/metadata-fields.md:468-469 references/metadata-fields.md:469-478 references/metadata-fields.md:478-483 references/quick-reference.md:6-15 references/quick-reference.md:15-18 references/quick-reference.md:18-27 references/quick-reference.md:27-30 references/quick-reference.md:30-39 references/quick-reference.md:39-42 references/quick-reference.md:42-51 references/quick-reference.md:51-55 references/quick-reference.md:55-71 references/quick-reference.md:71-77 references/quick-reference.md:77-78 references/quick-reference.md:78-79 references/quick-reference.md:79-80 references/quick-reference.md:80-81 references/quick-reference.md:81-82 references/quick-reference.md:82-83 references/quick-reference.md:83-88 references/quick-reference.md:88-99 references/quick-reference.md:99-102 references/quick-reference.md:102-106 references/quick-reference.md:106-109 references/quick-reference.md:109-115 references/quick-reference.md:115-118 references/quick-reference.md:118-125 references/quick-reference.md:125-130 references/quick-reference.md:130-138 references/quick-reference.md:138-141 references/quick-reference.md:141-152 references/quick-reference.md:152-164 references/quick-reference.md:164-175 references/quick-reference.md:175-178 references/quick-reference.md:178-183 references/quick-reference.md:183-188 references/quick-reference.md:188-191 references/quick-reference.md:191-195 references/quick-reference.md:195-198 references/quick-reference.md:198-201 references/quick-reference.md:201-206 references/quick-reference.md:206-213 references/quick-reference.md:213-216 references/quick-reference.md:216-223 references/quick-reference.md:223-226 references/quick-reference.md:226-233 references/quick-reference.md:233-236 references/quick-reference.md:236-244 references/quick-reference.md:244-248 references/quick-reference.md:248-260 references/quick-reference.md:260-265 references/quick-reference.md:265-279 references/quick-reference.md:279-282 references/quick-reference.md:282-297 references/quick-reference.md:297-303 references/quick-reference.md:303 references/quick-reference.md:303-304 references/quick-reference.md:304-305 references/quick-reference.md:305-323 references/quick-reference.md:323-335 references/quick-reference.md:335-339 references/quick-reference.md:339-354 references/usage-examples.md:8-10 references/usage-examples.md:10-13 references/usage-examples.md:13-22 references/usage-examples.md:22-33 references/usage-examples.md:33-35 references/usage-examples.md:35-38 references/usage-examples.md:38-42 references/usage-examples.md:42-53 references/usage-examples.md:53-55 references/usage-examples.md:55-58 references/usage-examples.md:58-63 references/usage-examples.md:63-74 references/usage-examples.md:74-77 references/usage-examples.md:77-80 references/usage-examples.md:80-87 references/usage-examples.md:87-101 references/usage-examples.md:101-107 references/usage-examples.md:107-110 references/usage-examples.md:110-112 references/usage-examples.md:112-115 references/usage-examples.md:115-126 references/usage-examples.md:126-129 references/usage-examples.md:129-132 references/usage-examples.md:132-145 references/usage-examples.md:145-147 references/usage-examples.md:147-150 references/usage-examples.md:150-153 references/usage-examples.md:153-169 references/usage-examples.md:169-172 references/usage-examples.md:172-175 references/usage-examples.md:175-184 references/usage-examples.md:184-196 references/usage-examples.md:196-210 references/usage-examples.md:210-222 references/usage-examples.md:222-230 references/usage-examples.md:230-245 references/usage-examples.md:245-258 references/usage-examples.md:258-273 references/usage-examples.md:273-274 references/usage-examples.md:274-275 references/usage-examples.md:275-284 references/usage-examples.md:284-287 references/usage-examples.md:287-290 references/usage-examples.md:290-292 references/usage-examples.md:292-295 references/usage-examples.md:295-299 references/usage-examples.md:299-302 references/usage-examples.md:302-304 SKILL.md:23-25 SKILL.md:25-29 SKILL.md:29-31 SKILL.md:31-42 SKILL.md:42-45 SKILL.md:45-47 SKILL.md:47-52 SKILL.md:52-54 SKILL.md:54-56 SKILL.md:56-58 SKILL.md:58-60 SKILL.md:60-62 SKILL.md:62-64 SKILL.md:64-66 SKILL.md:66-69 SKILL.md:69-73 SKILL.md:73-81 SKILL.md:81-87 SKILL.md:87-93 SKILL.md:93-140 SKILL.md:140-150 SKILL.md:150-159 SKILL.md:159-161 SKILL.md:161-177 SKILL.md:177-189 SKILL.md:189-191 SKILL.md:191-200 SKILL.md:200-201 SKILL.md:201 SKILL.md:201-202 SKILL.md:202-205 SKILL.md:205-220 SKILL.md:220-223 SKILL.md:223-229 SKILL.md:229-230 SKILL.md:230-231 SKILL.md:231-236 SKILL.md:236-245 SKILL.md:245-248 SKILL.md:248-257 SKILL.md:257-260 SKILL.md:260-276 SKILL.md:276-279 SKILL.md:279-288 SKILL.md:288-296 SKILL.md:296-314 SKILL.md:314-320 SKILL.md:320-337 SKILL.md:337-342 SKILL.md:342 SKILL.md:342-343 SKILL.md:343 SKILL.md:343-346 SKILL.md:346 SKILL.md:346-347 SKILL.md:347 SKILL.md:347-348 SKILL.md:348 SKILL.md:348-349 SKILL.md:349 SKILL.md:349-352 SKILL.md:352 SKILL.md:352-353 SKILL.md:353 SKILL.md:353-354 SKILL.md:354-357 SKILL.md:357-365 SKILL.md:365-399 SKILL.md:399-410 SKILL.md:410-414 SKILL.md:414-425 SKILL.md:425-430 SKILL.md:430-437 SKILL.md:437-440 SKILL.md:440-446 SKILL.md:446-468 SKILL.md:468-470 SKILL.md:470-472 SKILL.md:472-474
🌐 الوصول إلى الشبكة (13)
📁 الوصول إلى نظام الملفات (9)
🔑 متغيرات البيئة (27)
README.md:27 README.md:29 README.md:33 README.md:36 README.md:41 README.md:115 references/quick-reference.md:250 references/quick-reference.md:250 references/quick-reference.md:251 references/quick-reference.md:251 references/quick-reference.md:253 references/quick-reference.md:253 references/quick-reference.md:257 references/quick-reference.md:257 references/quick-reference.md:303 references/quick-reference.md:303 references/quick-reference.md:305 references/quick-reference.md:334 references/quick-reference.md:344 SKILL.md:66 SKILL.md:52 SKILL.md:54 SKILL.md:60 SKILL.md:62 SKILL.md:422 SKILL.md:442 SKILL.md:459
إصدار التدقيق 4
آمنJan 16, 2026, 04:16 PM
All 413 static findings are false positives. The skill consists only of markdown documentation files. No executable code exists in this skill. The static analyzer incorrectly flagged markdown code block delimiters, example environment variable placeholders, and NCBI field names as security issues.
7
الملفات التي تم فحصها
2,271
الأسطر التي تم تحليلها
4
النتائج
claude
تم تدقيقه بواسطة
لا توجد مشكلات أمنية
عوامل الخطر
⚙️ الأوامر الخارجية (281)
README.md:8-20 README.md:20-25 README.md:25-37 README.md:37-40 README.md:40-46 README.md:46-53 README.md:53-56 README.md:56-71 README.md:71-74 README.md:74-77 README.md:77-81 README.md:81-84 README.md:84-88 README.md:88-92 README.md:92-93 README.md:93-94 README.md:94-95 README.md:95-109 README.md:109-110 README.md:110-114 README.md:114-115 README.md:115-116 README.md:116-120 README.md:120-121 references/metadata-fields.md:10-16 references/metadata-fields.md:16-19 references/metadata-fields.md:19-24 references/metadata-fields.md:24-27 references/metadata-fields.md:27-33 references/metadata-fields.md:33-38 references/metadata-fields.md:38-48 references/metadata-fields.md:48-51 references/metadata-fields.md:51-60 references/metadata-fields.md:60-63 references/metadata-fields.md:63-74 references/metadata-fields.md:74-77 references/metadata-fields.md:77-85 references/metadata-fields.md:85-88 references/metadata-fields.md:88-96 references/metadata-fields.md:96-101 references/metadata-fields.md:101-109 references/metadata-fields.md:109-112 references/metadata-fields.md:112-130 references/metadata-fields.md:130-133 references/metadata-fields.md:133-140 references/metadata-fields.md:140-143 references/metadata-fields.md:143-149 references/metadata-fields.md:149-154 references/metadata-fields.md:154-167 references/metadata-fields.md:167-170 references/metadata-fields.md:170-182 references/metadata-fields.md:182-187 references/metadata-fields.md:187-198 references/metadata-fields.md:198-201 references/metadata-fields.md:201-213 references/metadata-fields.md:213-216 references/metadata-fields.md:216-221 references/metadata-fields.md:221-226 references/metadata-fields.md:226-235 references/metadata-fields.md:235-238 references/metadata-fields.md:238-243 references/metadata-fields.md:243-248 references/metadata-fields.md:248-256 references/metadata-fields.md:256-259 references/metadata-fields.md:259-269 references/metadata-fields.md:269-274 references/metadata-fields.md:274-289 references/metadata-fields.md:289-292 references/metadata-fields.md:292-305 references/metadata-fields.md:305-310 references/metadata-fields.md:310-316 references/metadata-fields.md:316-319 references/metadata-fields.md:319-331 references/metadata-fields.md:331-334 references/metadata-fields.md:334-345 references/metadata-fields.md:345-350 references/metadata-fields.md:350-390 references/metadata-fields.md:390-414 references/metadata-fields.md:414-416 references/metadata-fields.md:416-419 references/metadata-fields.md:419-426 references/metadata-fields.md:426-429 references/metadata-fields.md:429-431 references/metadata-fields.md:431-434 references/metadata-fields.md:434-440 references/metadata-fields.md:440-443 references/metadata-fields.md:443-445 references/metadata-fields.md:445-448 references/metadata-fields.md:448-454 references/metadata-fields.md:454-459 references/metadata-fields.md:459-465 references/metadata-fields.md:465-468 references/metadata-fields.md:468-469 references/metadata-fields.md:469-478 references/metadata-fields.md:478-483 references/quick-reference.md:6-15 references/quick-reference.md:15-18 references/quick-reference.md:18-27 references/quick-reference.md:27-30 references/quick-reference.md:30-39 references/quick-reference.md:39-42 references/quick-reference.md:42-51 references/quick-reference.md:51-55 references/quick-reference.md:55-71 references/quick-reference.md:71-77 references/quick-reference.md:77-78 references/quick-reference.md:78-79 references/quick-reference.md:79-80 references/quick-reference.md:80-81 references/quick-reference.md:81-82 references/quick-reference.md:82-83 references/quick-reference.md:83-88 references/quick-reference.md:88-99 references/quick-reference.md:99-102 references/quick-reference.md:102-106 references/quick-reference.md:106-109 references/quick-reference.md:109-115 references/quick-reference.md:115-118 references/quick-reference.md:118-125 references/quick-reference.md:125-130 references/quick-reference.md:130-138 references/quick-reference.md:138-141 references/quick-reference.md:141-152 references/quick-reference.md:152-164 references/quick-reference.md:164-175 references/quick-reference.md:175-178 references/quick-reference.md:178-183 references/quick-reference.md:183-188 references/quick-reference.md:188-191 references/quick-reference.md:191-195 references/quick-reference.md:195-198 references/quick-reference.md:198-201 references/quick-reference.md:201-206 references/quick-reference.md:206-213 references/quick-reference.md:213-216 references/quick-reference.md:216-223 references/quick-reference.md:223-226 references/quick-reference.md:226-233 references/quick-reference.md:233-236 references/quick-reference.md:236-244 references/quick-reference.md:244-248 references/quick-reference.md:248-260 references/quick-reference.md:260-265 references/quick-reference.md:265-279 references/quick-reference.md:279-282 references/quick-reference.md:282-297 references/quick-reference.md:297-303 references/quick-reference.md:303 references/quick-reference.md:303-304 references/quick-reference.md:304-305 references/quick-reference.md:305-323 references/quick-reference.md:323-335 references/quick-reference.md:335-339 references/quick-reference.md:339-354 references/usage-examples.md:8-10 references/usage-examples.md:10-13 references/usage-examples.md:13-22 references/usage-examples.md:22-33 references/usage-examples.md:33-35 references/usage-examples.md:35-38 references/usage-examples.md:38-42 references/usage-examples.md:42-53 references/usage-examples.md:53-55 references/usage-examples.md:55-58 references/usage-examples.md:58-63 references/usage-examples.md:63-74 references/usage-examples.md:74-77 references/usage-examples.md:77-80 references/usage-examples.md:80-87 references/usage-examples.md:87-101 references/usage-examples.md:101-107 references/usage-examples.md:107-110 references/usage-examples.md:110-112 references/usage-examples.md:112-115 references/usage-examples.md:115-126 references/usage-examples.md:126-129 references/usage-examples.md:129-132 references/usage-examples.md:132-145 references/usage-examples.md:145-147 references/usage-examples.md:147-150 references/usage-examples.md:150-153 references/usage-examples.md:153-169 references/usage-examples.md:169-172 references/usage-examples.md:172-175 references/usage-examples.md:175-184 references/usage-examples.md:184-196 references/usage-examples.md:196-210 references/usage-examples.md:210-222 references/usage-examples.md:222-230 references/usage-examples.md:230-245 references/usage-examples.md:245-258 references/usage-examples.md:258-273 references/usage-examples.md:273-274 references/usage-examples.md:274-275 references/usage-examples.md:275-284 references/usage-examples.md:284-287 references/usage-examples.md:287-290 references/usage-examples.md:290-292 references/usage-examples.md:292-295 references/usage-examples.md:295-299 references/usage-examples.md:299-302 references/usage-examples.md:302-304 SKILL.md:23-25 SKILL.md:25-29 SKILL.md:29-31 SKILL.md:31-42 SKILL.md:42-45 SKILL.md:45-47 SKILL.md:47-52 SKILL.md:52-54 SKILL.md:54-56 SKILL.md:56-58 SKILL.md:58-60 SKILL.md:60-62 SKILL.md:62-64 SKILL.md:64-66 SKILL.md:66-69 SKILL.md:69-73 SKILL.md:73-81 SKILL.md:81-87 SKILL.md:87-93 SKILL.md:93-140 SKILL.md:140-150 SKILL.md:150-159 SKILL.md:159-161 SKILL.md:161-177 SKILL.md:177-189 SKILL.md:189-191 SKILL.md:191-200 SKILL.md:200-201 SKILL.md:201 SKILL.md:201-202 SKILL.md:202-205 SKILL.md:205-220 SKILL.md:220-223 SKILL.md:223-229 SKILL.md:229-230 SKILL.md:230-231 SKILL.md:231-236 SKILL.md:236-245 SKILL.md:245-248 SKILL.md:248-257 SKILL.md:257-260 SKILL.md:260-276 SKILL.md:276-279 SKILL.md:279-288 SKILL.md:288-296 SKILL.md:296-314 SKILL.md:314-320 SKILL.md:320-337 SKILL.md:337-342 SKILL.md:342 SKILL.md:342-343 SKILL.md:343 SKILL.md:343-346 SKILL.md:346 SKILL.md:346-347 SKILL.md:347 SKILL.md:347-348 SKILL.md:348 SKILL.md:348-349 SKILL.md:349 SKILL.md:349-352 SKILL.md:352 SKILL.md:352-353 SKILL.md:353 SKILL.md:353-354 SKILL.md:354-357 SKILL.md:357-365 SKILL.md:365-399 SKILL.md:399-410 SKILL.md:410-414 SKILL.md:414-425 SKILL.md:425-430 SKILL.md:430-437 SKILL.md:437-440 SKILL.md:440-446 SKILL.md:446-468 SKILL.md:468-470 SKILL.md:470-472 SKILL.md:472-474
🌐 الوصول إلى الشبكة (13)
📁 الوصول إلى نظام الملفات (9)
🔑 متغيرات البيئة (27)
README.md:27 README.md:29 README.md:33 README.md:36 README.md:41 README.md:115 references/quick-reference.md:250 references/quick-reference.md:250 references/quick-reference.md:251 references/quick-reference.md:251 references/quick-reference.md:253 references/quick-reference.md:253 references/quick-reference.md:257 references/quick-reference.md:257 references/quick-reference.md:303 references/quick-reference.md:303 references/quick-reference.md:305 references/quick-reference.md:334 references/quick-reference.md:344 SKILL.md:66 SKILL.md:52 SKILL.md:54 SKILL.md:60 SKILL.md:62 SKILL.md:422 SKILL.md:442 SKILL.md:459
إصدار التدقيق 3
مخاطر منخفضةJan 10, 2026, 10:21 AM
Pure documentation/prompt skill with no executable code. External command references are for legitimate bioinformatics tool (SRAgent). Network calls described are to established scientific APIs (NCBI, PubMed, Europe PMC). No obfuscation, no credential theft patterns, no suspicious destinations.
6
الملفات التي تم فحصها
2,011
الأسطر التي تم تحليلها
4
النتائج
claude
تم تدقيقه بواسطة
مشكلات منخفضة المخاطر (1)
External command execution via bash tool
Skill instructs Claude to execute SRAgent commands via bash. While SRAgent is a legitimate bioinformatics tool, the pattern `bash_tool(command="SRAgent ...")` at SKILL.md:298-313 enables arbitrary command execution. An attacker who compromised this skill could modify commands to run malicious payloads. Mitigation: This is standard behavior for Claude skills interfacing with CLI tools.
عوامل الخطر
⚙️ الأوامر الخارجية (2)
🌐 الوصول إلى الشبكة (1)
🔑 متغيرات البيئة (1)
إصدار التدقيق 2
مخاطر منخفضةJan 10, 2026, 10:21 AM
Pure documentation/prompt skill with no executable code. External command references are for legitimate bioinformatics tool (SRAgent). Network calls described are to established scientific APIs (NCBI, PubMed, Europe PMC). No obfuscation, no credential theft patterns, no suspicious destinations.
6
الملفات التي تم فحصها
2,011
الأسطر التي تم تحليلها
4
النتائج
claude
تم تدقيقه بواسطة
مشكلات منخفضة المخاطر (1)
External command execution via bash tool
Skill instructs Claude to execute SRAgent commands via bash. While SRAgent is a legitimate bioinformatics tool, the pattern `bash_tool(command="SRAgent ...")` at SKILL.md:298-313 enables arbitrary command execution. An attacker who compromised this skill could modify commands to run malicious payloads. Mitigation: This is standard behavior for Claude skills interfacing with CLI tools.
عوامل الخطر
⚙️ الأوامر الخارجية (2)
🌐 الوصول إلى الشبكة (1)
🔑 متغيرات البيئة (1)
إصدار التدقيق 1
مخاطر منخفضةJan 10, 2026, 10:21 AM
Pure documentation/prompt skill with no executable code. External command references are for legitimate bioinformatics tool (SRAgent). Network calls described are to established scientific APIs (NCBI, PubMed, Europe PMC). No obfuscation, no credential theft patterns, no suspicious destinations.
6
الملفات التي تم فحصها
2,011
الأسطر التي تم تحليلها
4
النتائج
claude
تم تدقيقه بواسطة
مشكلات منخفضة المخاطر (1)
External command execution via bash tool
Skill instructs Claude to execute SRAgent commands via bash. While SRAgent is a legitimate bioinformatics tool, the pattern `bash_tool(command="SRAgent ...")` at SKILL.md:298-313 enables arbitrary command execution. An attacker who compromised this skill could modify commands to run malicious payloads. Mitigation: This is standard behavior for Claude skills interfacing with CLI tools.