causal-scientist
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION] (SAFE): No instructions attempting to bypass safety filters or override system prompts were detected. The persona is strictly focused on causal inference domain knowledge.
- [DATA_EXFILTRATION] (SAFE): No network operations or access to sensitive local file paths (like credentials or SSH keys) were found.
- [REMOTE_CODE_EXECUTION] (SAFE): No patterns for downloading or executing remote scripts or packages were present.
- [COMMAND_EXECUTION] (SAFE): The skill does not invoke shell commands or subprocesses.
- [INDIRECT_PROMPT_INJECTION] (SAFE): While the skill is designed to audit user-provided Python code (e.g., in
/causal/**/*.py), it does so using static regular expressions. It does not ingest data from untrusted external sources (APIs/web) and lacks the exploitable capabilities (like networking or file-writing) necessary for an indirect injection attack vector.
Audit Metadata