explore-run

Warn

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script scripts/write_outputs.py uses importlib to dynamically load and execute a Python module from a path computed at runtime (../../../../shared/scripts/write_explore_bundle.py). Because that path resolves outside the skill's own directory, arbitrary code placed at that location is executed.
  • [PROMPT_INJECTION]: The skill processes untrusted JSON data from the --spec-json argument and incorporates it into output files without sanitization, creating a surface for indirect prompt injection.
  • Ingestion points: scripts/plan_variants.py reads user-provided JSON files.
  • Boundary markers: No boundary markers or isolation instructions are present in the scripts to delimit the untrusted content.
  • Capability inventory: The skill possesses code execution capabilities in scripts/write_outputs.py.
  • Sanitization: No validation or escaping is applied to fields like base_command before they are written to outputs.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 10, 2026, 07:11 AM