replay-oriented-instrumentation
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill encourages the recording of sensitive system state and I/O operations which can expose secrets.
- Evidence in
references/non-determinism.md: Recommends recording 'Environment variables', 'File read operations (content)', and 'System state'. - Evidence in
references/python-replay.md: Provides code to wrap__builtins__.openand record all read/write operations to log files. - [COMMAND_EXECUTION]: The skill utilizes invasive instrumentation techniques to modify program behavior at runtime.
- Evidence in
references/python-replay.md: Demonstrates monkey-patching core Python modules and built-ins, includingtime.time,random.random, andopen. - [DATA_EXFILTRATION]: The skill implements logic to capture and store execution data, creating a risk of sensitive data exposure.
- Evidence in
SKILL.md: Code snippets show recording function results and I/O to a localreplay.logfile without any sanitization or encryption. - [REMOTE_CODE_EXECUTION]: The skill recommends using unsafe deserialization methods for handling log data.
- Evidence in
references/replay-tools.md: TheReplayEngineclass example usespickle.load()to load event logs from disk. This is a known security vulnerability that allows for arbitrary code execution if the log file is sourced from an untrusted party. - [PROMPT_INJECTION]: The skill has an indirect injection surface as it is designed to process and replay external data (logs).
- Ingestion points:
replay.log,recordings.json. - Capability inventory: The skill has the ability to read/write files and execute shell commands (via tools like
rr). - Sanitization: No evidence of sanitization or validation of the log file contents before processing.
Audit Metadata