linear-solvers
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): This skill is vulnerable to indirect prompt injection because it processes untrusted external data (matrix files and residual inputs) while maintaining high-privilege capabilities.
  - Ingestion points: Processes .npy matrix files and user-provided numeric strings via CLI arguments in scripts/.
  - Boundary markers: There are no explicit delimiters or instructions to the agent to ignore potentially malicious content within data files.
  - Capability inventory: The skill allows the use of the Bash tool to execute Python scripts and the Write tool to modify the filesystem.
  - Sanitization: The provided documentation does not specify any sanitization or validation logic for the ingested data.
- [Command Execution] (LOW): The skill naturally uses the Bash tool to run its internal numerical scripts. While this is the intended functionality, it provides a vector for escalation if the agent is manipulated via the data ingestion points mentioned above.
Recommendations
- AI detected serious security threats
Audit Metadata