experiment-code
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses `subprocess.run` to execute Python scripts (`experiment.py`, `plot.py`) that it generates or modifies at runtime, as defined in the execution loops in `references/code-patterns.md`.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it incorporates untrusted data into code that is subsequently executed.
  - Ingestion points: Research plans, ideas, and error logs provided via the `$1input` variable in `SKILL.md`.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to distinguish between its own logic and potentially malicious instructions embedded within user-supplied ideas or logs.
  - Capability inventory: The skill can write and read files in the project directory and execute shell commands via `subprocess.run`.
  - Sanitization: No sanitization or code verification is performed on the generated scripts before execution.
Audit Metadata