doppler-bench
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill defines several benchmark workflows that execute local scripts using `node` and `npm`. These include performance comparisons between different engines (`tools/compare-engines.js`) and vendor-specific benchmark runners (`benchmarks/runners/transformersjs-bench.js`).
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8) by interpolating untrusted data, such as model identifiers and configuration parameters, into shell commands.
  - Ingestion points: Use of `MODEL_ID` placeholders and complex JSON configuration strings in `SKILL.md` that are passed as command-line arguments to the benchmark tools.
  - Boundary markers: No explicit boundary markers or instruction-guarding delimiters are identified in the command templates.
  - Capability inventory: The skill facilitates the execution of local JavaScript tools (`tools/vendor-bench.js`, `tools/compare-engines.js`) and npm-defined tasks (`npm run bench`) which interact with the system's compute resources.
  - Sanitization: No explicit sanitization or validation of the provided configuration JSON is visible within the skill definition, relying on the underlying tools to handle potentially malformed or malicious inputs.
Audit Metadata