ntu-machines
Fail
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: HIGH
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the user to perform privilege escalation to access hardware ports. Found in references/balance-machine.md: 'sudo usermod -aG dialout $USER'.
- [COMMAND_EXECUTION]: The skill executes local scripts and CLI tools to manage machine operations. Found in SKILL.md and reference files: 'uv run --package balance-edge python edge/balance.py' and 'puda machine commands <machine_id>'.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through data-driven protocol generation. Evidence chain:
  - Ingestion points: The skill reads external data via 'read_csv_file' or 'read_csv' commands in references/opentrons-machine.md.
  - Boundary markers: Absent; no instructions are provided to the agent to ignore commands within the CSV data.
  - Capability inventory: The skill controls high-impact laboratory automation tasks, including pipetting (aspirate/dispense) and camera operations.
  - Sanitization: Absent; there is no validation or escaping of the content ingested from the CSV files.
Recommendations
- AI detected serious security threats
Audit Metadata