unit-executor

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the 'UNITS.csv' file.
      • Ingestion points: Task definitions and dependencies are loaded from 'UNITS.csv' (SKILL.md).
      • Boundary markers: No explicit delimiters or instructions are used to separate untrusted data from agent instructions.
      • Capability inventory: The skill is authorized to execute other referenced skills and modify workspace files (SKILL.md).
      • Sanitization: No validation or filtering of the CSV content is implemented in the provided script or logic.
  • [COMMAND_EXECUTION]: The skill dynamically invokes and runs other skills as part of its pipeline based on configuration found in the workspace, which can lead to complex execution chains controlled by external data (SKILL.md, scripts/run.py).
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 02:00 PM