Gen Agent Trust Hub audit: skills/qredence/skills/dspy-gepa

dspy-gepa

Fail

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The evaluation script scripts/gepa_evaluate.py passes the --module command-line argument to the eval() function. This allows arbitrary Python code execution if a user or an agent supplies a maliciously crafted string to the tool.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection during the scenario generation process.
      • Ingestion points: External data enters the prompt context via the --skill-description and --scenarios arguments of scripts/gepa.py.
      • Boundary markers: No delimiters or "ignore embedded instructions" warnings are used to isolate untrusted content from the system instructions.
      • Capability inventory: The script can write files to the local system, as seen in scripts/gepa.py (line 301).
      • Sanitization: Input data is interpolated directly into DSPy signatures without any escaping or validation logic.
  • [EXTERNAL_DOWNLOADS]: The skill requires the Python packages dspy-ai, pyyaml, and jsonschema, as noted in the installation instructions and import statements.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 24, 2026, 11:28 PM