denario
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the installation of the 'denario[app]' package via pip or uv as documented in SKILL.md. Since this package and its author are not listed as trusted external sources, this constitutes an unverifiable dependency that poses a supply chain risk.
- [COMMAND_EXECUTION] (MEDIUM): The 'get_results()' function described in SKILL.md executes computational experiments and methodologies. This capability implies the use of dynamic code execution or subprocesses to run analysis scripts, which could be abused if the underlying methodology is malicious or manipulated.
- [PROMPT_INJECTION] (LOW): The skill identifies an indirect prompt injection surface through 'set_data_description' and 'set_method' in SKILL.md. 1. Ingestion points: User-provided research data and methodology scripts. 2. Boundary markers: Absent in the documentation. 3. Capability inventory: 'get_results' in SKILL.md executes experiments and analysis. 4. Sanitization: Absent. Malicious instructions embedded in the methodology could potentially influence the execution phase.
- [DATA_EXFILTRATION] (LOW): The 'LLM API Configuration' section in SKILL.md advises users to store API keys in '.env' files. While standard, this local storage of credentials creates a target for other malicious scripts or skills to read sensitive access tokens from the filesystem.
Audit Metadata