optuna-study-creator

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill possesses a high-risk attack surface as it is designed to process machine learning configurations and data. It lacks explicit boundary markers or input sanitization. Since the skill is granted Bash(python:*) and Bash(pip:*) permissions, malicious instructions embedded in untrusted ML data could trigger arbitrary code execution.
  • Command Execution (HIGH): The skill requests Bash(python:*) and Bash(pip:*) tools. While intended for ML tasks, these tools allow the agent to execute any Python code or shell commands, which is dangerous if the agent is influenced by malicious external content.
  • External Downloads (MEDIUM): The inclusion of Bash(pip:*) allows the skill to download and install packages from external registries. Without specific constraints or verification of packages, this enables the potential installation of malicious dependencies.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 05:46 AM