coding-r
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of R scripts and system-level operations.
  - Evidence: Usage of `source("script.R")` to run external R files.
  - Evidence: Capabilities to build and initialize packages using `devtools::create()`.
  - Evidence: Execution of web applications via `shiny::runApp()`.
- [EXTERNAL_DOWNLOADS]: The skill documentation describes mechanisms for downloading and installing external software dependencies at runtime.
  - Evidence: Instructions to use `install.packages()` for fetching libraries from the Comprehensive R Archive Network (CRAN).
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection through the processing of external data sources.
  - Ingestion points: The skill reads external data via `read_csv("data.csv")` and configuration files via `yaml.load_file("config.yml")`.
  - Boundary markers: No explicit instructions or delimiters are provided to the agent to disregard instructions embedded within these data files.
  - Capability inventory: The skill possesses high-impact capabilities including network requests (`httr::RETRY`), package installation (`install.packages`), and environment variable modification (`Sys.setenv`).
  - Sanitization: There is no mention of sanitizing or validating the content of ingested CSV or YAML files before they influence program logic or are passed to other functions.
- [DATA_EXFILTRATION]: The skill handles sensitive credentials and possesses network capabilities.
  - Evidence: Instructions for managing API keys via environment variables and YAML configuration files using placeholders like `$MY_API_KEY`.
  - Evidence: Network connectivity is supported through the `httr` package for making web requests.
Audit Metadata