julia-pro
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): High vulnerability surface detected. The skill is designed to ingest untrusted external content and possesses high-privilege capabilities that could be exploited via injection.\n
- Ingestion points: The skill is designed to process user-provided Julia code for optimization, read external data files (CSV, Arrow, Parquet), and handle inputs via Web APIs (Genie.jl, Oxygen.jl).\n
- Boundary markers: Absent. There are no instructions to use delimiters or to ignore embedded commands within processed code or data files.\n
- Capability inventory: The skill possesses capabilities for file system modification (Package development, Project templates), network operations (Web development, APIs), and system-level interactions (DevOps, Docker, CI/CD pipelines).\n
- Sanitization: Absent. The instructions do not mandate sanitizing or validating external inputs before they are incorporated into code generation or executed via tools.\n- [Dynamic Execution] (MEDIUM): The behavioral instructions explicitly encourage the use of Julia's metaprogramming features, macros, and generated functions. While standard for high-performance Julia, these features provide a potent vector for executing logic constructed from untrusted external input if the agent is misled via indirect injection.
Recommendations
- AI detected serious security threats
Audit Metadata