dspy-optimize-anything

Warn

Audited by Socket on Feb 25, 2026

1 alert found:

Security: MEDIUM
SKILL.md

The skill documentation itself is not inherently malicious but contains example evaluators that execute untrusted candidate code via subprocess.run and exec() and then forward arbitrary ASI (including rendered images and stdout/stderr) to remote backends. This combination is a high-risk pattern: it permits arbitrary code execution on the host and an easy exfiltration channel to remote GEPA/VLM services. If users run these examples on untrusted candidates without sandboxing or strict resource/IO/network restrictions, sensitive data (files, credentials, environment variables) can be leaked. Recommend treating candidates as untrusted: run evaluators in strong sandboxes (container with no credentials, network disabled or proxied, limited filesystem), restrict ASI content, and avoid forwarding raw stdout/stderr or full images to external services unless necessary.

Confidence: 75%
Severity: 75%
Audit Metadata
Analyzed At: Feb 25, 2026, 03:13 AM
Package URL: pkg:socket/skills-sh/OmidZamani%2Fdspy-skills%2Fdspy-optimize-anything%2F@a399934de49d0d27fbce3b6c817f0d3a9981eb76