Skills
skills/wangjing0/caudecode_skills/causal-inference-llm/Gen Agent Trust Hub

causal-inference-llm

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The documentation (README.md, docs/INSTALL.md) encourages users to install a prerequisite library by cloning from a placeholder URL (https://github.com/yourusername/causalgraph.git). This pattern promotes the installation and execution of code from unverified sources.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted user-supplied strings without sufficient safeguards.
  • Ingestion points: User-provided variable names and factor lists are passed to ModelSuggester methods (e.g., suggest_domain_expertises in SKILL.md) and example scripts.
  • Boundary markers: The skill lacks explicit delimiters or system instructions to ignore embedded commands within the processed variable names.
  • Capability inventory: The skill writes to the local file system (generating HTML visualizations) and interacts with LLM APIs using provided reasoning logic.
  • Sanitization: There is no evidence of input validation or escaping for user-provided strings before they are interpolated into LLM prompts.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 11, 2026, 03:05 AM