scienceworld-act
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION] (SAFE): No patterns detected that attempt to override the AI agent's instructions or safety guidelines.
- [DATA_EXFILTRATION] (SAFE): The skill does not access sensitive system files (e.g., SSH keys, credentials) or perform unauthorized network requests. It strictly interacts with the ScienceWorld environment object provided by the execution context.
- [REMOTE_CODE_EXECUTION] (SAFE): No remote code execution patterns or piped shell commands (e.g., curl|bash) were found. The dependency on 'scienceworld' is a known package for AI research.
- [INDIRECT_PROMPT_INJECTION] (LOW):
  - Ingestion points: Observations are received from the 'env.step(action)' call in 'tool.py'.
  - Boundary markers: The observation text is returned within a structured dictionary but lacks explicit delimiters in the text body itself.
  - Capability inventory: The skill is limited to simulation actions via the 'scienceworld' API and has no direct file-system or external network write capabilities.
  - Sanitization: No sanitization is performed on the observation text before returning it to the agent.
- [DYNAMIC_EXECUTION] (SAFE): The skill performs standard imports and uses 'sys.path.insert' to load local helper modules from its own 'scripts' directory. No unsafe uses of 'eval()' or 'exec()' were detected.
Audit Metadata