run-train
Warn
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to run arbitrary shell commands provided as training commands, which could be exploited if malicious commands are passed as input.
- [COMMAND_EXECUTION]: The script scripts/write_outputs.py uses importlib to dynamically load and execute a Python module from a relative path (../../../shared/scripts/write_run_bundle.py). Loading code from computed paths is a dynamic execution technique that can be risky if the directory structure is manipulated.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it processes untrusted training commands and goals provided by the user or agent.
- Ingestion points: Inputs defined in SKILL.md include "runnable training command" and "selected training goal".
- Boundary markers: Absent; there are no specific markers to delineate untrusted input from instructions.
- Capability inventory: Includes arbitrary command execution (training commands) and file system write access via scripts/write_outputs.py.
- Sanitization: None detected; the skill does not appear to validate or sanitize the training command before execution.
Audit Metadata