env-and-assets-bootstrap
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface, as it processes untrusted content from repository files during environment setup.
  1. Ingestion points: The skill reads 'environment.yml', 'requirements.txt', 'README.md', and various configuration files from a target repository path provided as input.
  2. Boundary markers: No explicit delimiters or safety instructions are used to separate the untrusted repository content from the agent's logic.
  3. Capability inventory: The skill can execute environment creation and package installation commands (conda, pip), which may trigger code execution via package setup scripts.
  4. Sanitization: The skill does not perform sanitization or validation of the contents of the ingested repository files.
- [COMMAND_EXECUTION]: The script 'scripts/bootstrap_env.sh' executes shell commands to manage conda environments and install pip dependencies. These operations are standard for the skill's primary purpose of repo reproduction.
- [SAFE]: No evidence of credential exposure, data exfiltration, obfuscation, or persistence mechanisms was found in the skill's implementation.
Audit Metadata