conda-setup
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several shell commands, including `conda`, `pip`, and `source`. It performs automated installation of dependencies via `pip install -r requirements.txt` and `pip install -e .`, which results in the execution of code provided in the local project's configuration files.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its data ingestion process. It reads configuration data from untrusted local files such as `.python-version`, `pyproject.toml`, and `setup.py`. Specifically:
  - Ingestion points: Reads the Python version and dependency requirements from `.python-version`, `pyproject.toml`, and `setup.py`.
  - Boundary markers: None present; the skill treats content from these files as trusted parameters.
  - Capability inventory: Uses `conda create`, `conda env list`, `source activate`, and `pip install`.
  - Sanitization: There is no evidence of sanitization or validation of the version strings or environment names extracted from the files before they are interpolated into shell commands. This creates a surface where a maliciously crafted version string (e.g., `3.10; rm -rf /`) could lead to arbitrary command execution.
Audit Metadata