Science
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill includes mandatory instructions to execute a `curl` command to `localhost:8888` upon invocation for 'Voice Notifications'. It also provides CLI references for executing local TypeScript files via `bun` located in `~/.claude/skills/Evals/`. These are local operations intended for skill orchestration but define an execution surface.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. The skill is designed to ingest and iterate on untrusted user-provided content (hypotheses, goals, experiment designs) and injects this data into workflows that have access to system capabilities.
  - Ingestion points: User-provided problem statements, goals, and hypotheses processed via various workflow files (e.g., `Workflows/DefineGoal.md`, `Workflows/GenerateHypotheses.md`).
  - Boundary markers: Absent; the templates do not use clear delimiters or instructions to ignore embedded commands in user data.
  - Capability inventory: Subprocess execution via `curl` (telemetry/notification) and `bun` (local script execution for evals).
  - Sanitization: None detected; the skill assumes the safety of the content being processed through the scientific method cycles.
Audit Metadata