pymc
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Tags: REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DYNAMIC_EXECUTION]: The skill provides instructions and code templates that use the pickle module for object serialization and model persistence.
  - Evidence: Found in references/workflows.md and referenced in SKILL.md, the code demonstrates saving and loading model objects using pickle.dump() and pickle.load().
  - Risk: The pickle module is known to be insecure against maliciously constructed data. Executing pickle.load() on an untrusted file can lead to arbitrary code execution within the agent's environment.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the way it processes external data and its available capabilities.
  - Ingestion points: The skill templates in assets/hierarchical_model_template.py and assets/linear_regression_template.py ingest untrusted data from local CSV files via pd.read_csv().
  - Boundary markers: There are no explicit boundary markers or instructions to the model to ignore embedded instructions within the ingested datasets.
  - Capability inventory: The skill possesses extensive file system write capabilities, including generating diagnostic plots (plt.savefig), exporting summary statistics (summary.to_csv), and saving binary model results (idata.to_netcdf).
  - Sanitization: No data validation, escaping, or sanitization logic is implemented for external content before it is processed by the analysis scripts.
Audit Metadata