climate-modeling

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • PROMPT_INJECTION (SAFE): The instructions in SKILL.md direct the agent to prioritize domain-specific patterns over generic approaches. This is a standard grounding technique for domain expertise and does not attempt to bypass safety filters or ignore system constraints.
  • EXTERNAL_DOWNLOADS (SAFE): While the code snippets reference external datasets (CMIP6), they do so via standard scientific library calls (e.g., load_cmip6). There are no suspicious network operations, credential exposures, or downloads from untrusted sources.
  • REMOTE_CODE_EXECUTION (SAFE): The reference files contain Python code snippets demonstrating climate data processing using libraries like xarray, scipy, and xesmf. These are informational 'Gotcha' and 'Solution' examples for the agent and do not include any shell command execution or remote script fetching.
  • DATA_EXFILTRATION (SAFE): No sensitive file paths, environment variables, or hardcoded credentials were detected. The skill focuses exclusively on processing climate variables (e.g., 'tas', 'precip').
  • INDIRECT_PROMPT_INJECTION (LOW): The skill is designed to process external climate datasets. While this is a data ingestion surface, the operations (mathematical modeling, regridding) have a low risk of code-level exploitation. The skill lacks 'write' capabilities to the filesystem or network, further limiting this surface.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:18 PM