rlm-distill
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses role-play and override instructions to influence the agent's behavior: 'You ARE the distillation engine. You replace the local Ollama distiller.py script' and 'Never run distiller.py'.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface:
  - Ingestion points: The agent reads the 'entire file' using the view_file tool for distillation.
  - Boundary markers: Absent; the agent is not provided with delimiters or instructions to ignore embedded commands within the files it reads.
  - Capability inventory: The agent has access to the Bash tool (command execution) and the Write tool, along with the ability to execute Python scripts.
  - Sanitization: Absent; no input validation or filtering is specified before the agent processes file content.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute multiple local Python scripts for inventory, data injection, and batch processing: 'inventory.py', 'inject_summary.py', and 'swarm_run.py'.
Audit Metadata