
exec-remote

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell scripts (launch_gpu.sh, launch_tpu.sh) and uses the SkyPilot CLI (sky) for infrastructure management.
  • [REMOTE_CODE_EXECUTION]: The skill's core functionality is to provision remote cloud instances and run user-specified scripts on them via sky launch and sky exec.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by interpolating user-supplied arguments into shell commands and YAML configuration files.
  • Ingestion points: User-supplied accelerator_type, experiment_name, and script-path.
  • Boundary markers: No explicit delimiters or ignore-instruction warnings are used for the interpolated strings.
  • Capability inventory: The skill uses sky launch and sky exec to manage infrastructure and execute remote code.
  • Sanitization: While the experiment_name is cleaned with a sanitization function, the accelerator_type is used directly in sed operations, potentially allowing an attacker to manipulate the generated YAML configuration.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 08:22 AM