process-automated-builder
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. Untrusted data extracted from scientific articles and supplemental files (downloaded via `scripts/origin/process_from_flow_download_si.py`) is interpolated into multiple LLM prompts defined in `tiangong_lca_spec/process_from_flow/prompts.py` (e.g., `EXCHANGES_PROMPT`, `EXCHANGE_VALUE_PROMPT`). These templates do not utilize strict delimiters or specific instructions to ignore embedded malicious commands. This is notable as the LLM's structured output directly influences database actions via the `Database_CRUD_Tool`.
- [EXTERNAL_DOWNLOADS]: The script `scripts/origin/process_from_flow_download_si.py` dynamically fetches literature and supporting data from `doi.org` and related academic publisher domains. While these are established sources, the skill automatically processes this external content.
- [COMMAND_EXECUTION]: The workflow orchestrates multiple stages by spawning subprocesses using `subprocess.run`. For example, `scripts/origin/process_from_flow_workflow.py` executes a chain of internal scripts, and `tiangong_lca_spec/tidas_validation/service.py` invokes the `tidas-validate` tool. While these calls are directed at internal or known tools, they operate on data derived from the automated pipeline.
Audit Metadata