tlaplus-guided-code-repair
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The workflow defined in `SKILL.md` instructs the agent to execute arbitrary local commands such as `make test` and `./run_tests.sh` to validate generated repairs. This execution of local scripts is a high-risk pattern as it depends on the contents of the user's environment.
- [COMMAND_EXECUTION]: The script `scripts/run_tlc.py` uses `subprocess.run` to execute the external `tlc2` command-line tool. This involves executing a binary with arguments derived from user-provided file paths.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection through its trace parsing functionality.
  1. Ingestion points: The `scripts/parse_tlc_trace.py` script reads and parses potentially untrusted data from TLC trace files.
  2. Boundary markers: There are no explicit delimiters or instructions provided to the agent to prevent it from obeying instructions that might be embedded within the trace data (e.g., in variable values).
  3. Capability inventory: The skill has the capability to generate C++ code and execute local build/test commands.
  4. Sanitization: No sanitization is performed on the extracted variable names or values before they are incorporated into generated code or explanations.
Audit Metadata