update-study
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The Python utility `scripts/export_pdf.py` uses `subprocess.run` to execute well-known document processing tools including `pandoc`, `pdflatex`, `xelatex`, and `grip`. These executions are performed with structured argument lists and are confined to the local file system for the purpose of document conversion.
- [EXTERNAL_DOWNLOADS]: The skill's documentation and export script reference several established third-party tools (Pandoc, WeasyPrint, LaTeX) and provide guidance on how to install them manually. These references target well-known open-source software and do not involve automated execution of untrusted remote code.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted data from experiment logs (`*.log`) and processes it using LLM subagents. However, the risk is mitigated through several mechanisms:
  - Ingestion points: Experiment logs processed in Phases 0 and 1.
  - Boundary markers: Present; the skill uses clear Markdown headers and structured templates to separate log data from agent instructions.
  - Capability inventory: The skill can read/write local files and execute specific PDF conversion tools via `scripts/export_pdf.py`.
  - Sanitization: Present; a dedicated `experiment-verifier` subagent is employed to cross-reference all extracted metrics against the source logs and validate the logical consistency of the output.
Audit Metadata