dse-loop

Warn

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill operates an autonomous execution loop that runs external programs provided in user arguments and dynamically generates custom Python scripts to parse outputs.
    • Evidence: Phase 0 Step 5 instructs the agent to write 'dse_results/parse_result.py' and execute it. Phase 2 Step 3 executes arbitrary user-supplied commands under the 'Program' argument.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because its autonomous logic depends on reading and interpreting content from untrusted source code and tool outputs.
    • Ingestion points: Phase 0 Step 2a (reading source code to infer ranges) and Phase 2 Step 4 (reading program logs to extract metrics).
    • Boundary markers: No delimiters or protective instructions are used to isolate untrusted data from the agent's workflow logic.
    • Capability inventory: The agent has powerful capabilities including 'Bash(*)', 'Write', and 'Edit', which could be abused if the agent is misled by malicious content in project files.
    • Sanitization: There is no requirement for validating or escaping content extracted from files or program outputs before use.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 7, 2026, 12:25 PM