skills/jeremylongshore/claude-code-plugins-plus-skills/setting-up-experiment-tracking/Gen Agent Trust Hub
setting-up-experiment-tracking
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the `mlflow` and `wandb` Python packages during the environment configuration phase. These are well-known, industry-standard libraries for experiment tracking.
- [COMMAND_EXECUTION]: The skill is granted unrestricted access to the `Bash` tool to perform environment setup, package installation, and potential tracking server initialization (e.g., starting a local MLflow server).
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it reads and analyzes project context to determine configuration settings. Maliciously crafted instructions hidden in project files could potentially influence the agent's behavior during the setup process.
  - Ingestion points: Analyzes project context and user-provided configuration strings in `SKILL.md`.
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore embedded commands within the analyzed project files.
  - Capability inventory: The skill utilizes `Write`, `Edit`, and unrestricted `Bash` tool access as defined in `SKILL.md`.
  - Sanitization: There is no evidence of input validation or content filtering for the data read from the project environment.
Audit Metadata