explore-code

Warn

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/write_outputs.py uses importlib.util to dynamically load and execute a module from a path computed at runtime (../../../shared/scripts/write_explore_bundle.py). This dynamic execution of code from outside the skill's package can be used to execute logic that is not visible during a static review of the skill's content.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection due to its interaction with external research repositories.
      • Ingestion points: The skill ingests source code and markdown from research repositories mentioned in SKILL.md.
      • Boundary markers: There are no defined delimiters or instructions to ignore embedded prompts in SKILL.md or references/explore-policy.md.
      • Capability inventory: The skill can modify branches, write output files to explore_outputs/, and hand off execution to training tools like run-train.
      • Sanitization: No sanitization or validation of the external repository content is documented.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 5, 2026, 01:26 AM