convex-optimization
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONNO_CODE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute Python code and local scripts using the uv run command.
- [DYNAMIC_EXECUTION]: Python logic for optimization (e.g., scipy.optimize) is embedded in shell command strings and executed via python -c. It also executes a local script at scripts/z3_solve.py using a runtime harness.
- [INDIRECT_PROMPT_INJECTION]: The skill uses command templates that interpolate user-provided math functions into shell commands, creating a vulnerability surface. 1. Ingestion points: User-defined objective functions and constraints in SKILL.md. 2. Boundary markers: Absent; no delimiters or markers are used to wrap interpolated content. 3. Capability inventory: Subprocess execution via the Bash tool. 4. Sanitization: Absent; no validation or escaping of external content is performed.
Audit Metadata