Skills
skills/mims-harvard/tooluniverse/devtu-self-evolve/Gen Agent Trust Hub

devtu-self-evolve

Warn

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. \n
  • Ingestion points: Agent reports containing {json_args} as defined in references/persona-template.md. \n
  • Boundary markers: None identified; the skill directly interpolates agent output into CLI commands. \n
  • Capability inventory: CLI execution via python3 -m tooluniverse.cli, git, and gh. \n
  • Sanitization: None; the skill performs 'verification' by executing the suggested commands. \n- [COMMAND_EXECUTION]: The skill uses subprocess calls to run git, gh, ruff, and the tooluniverse CLI. The Phase 3 instructions to run commands using arguments provided by autonomous sub-agents presents a risk of command injection if those agents are influenced by malicious data. \n- [REMOTE_CODE_EXECUTION]: The skill uses python -c to dynamically import and check the syntax of generated code. It also executes tool logic in a CLI environment based on parameters derived from untrusted autonomous agents.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 8, 2026, 09:10 PM