ai-co-scientist

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE

Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (LOW): The skill automates scientific experimentation by writing and executing Python scripts. While this involves dynamic execution, it is the primary intended function of the skill. Execution is managed through the documented tree.py script.
  • EXTERNAL_DOWNLOADS (SAFE): The visualization template loads the p5.js library from a public CDN, which is a standard method for including web dependencies.
    • Evidence: assets/viz-template/template.html loads p5.min.js from cdnjs.cloudflare.com.
  • PROMPT_INJECTION (LOW): The scripts/visualize.py script generates an HTML report by injecting raw experiment data (including terminal output and analysis) into a template. This creates an indirect prompt injection surface where malicious experiment output could execute scripts in the user's browser (XSS).
    • Ingestion points: scripts/visualize.py reads data from project tree files (e.g., stage_3_iter_1.json).
    • Boundary markers: None present for the visualization data interpolation.
    • Capability inventory: The skill can execute local Python code and generate HTML reports.
    • Sanitization: Absent; data is placed into the HTML template without escaping for script context.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:08 PM