Science

Warn

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection. It instructs the agent in SKILL.md to load and apply instructions from the ~/.claude/PAI/USER/SKILLCUSTOMIZATIONS/Science/ directory to override default behavior.
  • Ingestion points: Files in ~/.claude/PAI/USER/SKILLCUSTOMIZATIONS/Science/ (e.g., PREFERENCES.md).
  • Boundary markers: None provided; the agent is simply told to apply the found resources.
  • Capability inventory: The skill workflows include execution of shell commands via curl, bun, docker, and psql (seen in SKILL.md, Workflows/DesignExperiment.md, and Examples.md).
  • Sanitization: No validation or sanitization is performed on the content of the loaded files.
  • [COMMAND_EXECUTION]: SKILL.md requires the execution of a curl command in the background (&) targeting localhost:8888 immediately upon skill invocation. This command is configured to suppress output (> /dev/null 2>&1).
  • [COMMAND_EXECUTION]: Workflows/DesignExperiment.md instructs the agent to run a local script using the bun run command.
  • [COMMAND_EXECUTION]: Examples.md provides templates for executing infrastructure and database commands like docker and psql.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 4, 2026, 06:00 PM