unit-executor

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill's primary purpose is to dynamically invoke and run other skills based on configurations found in UNITS.csv.
      • Evidence: The Procedure section explicitly states 'Run the referenced skill'.
      • Risk: If an attacker can modify the local UNITS.csv, they can trigger the execution of unintended skills or manipulate the parameters of existing ones.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection through its data ingestion pipeline.
      • Ingestion points: Data is read from UNITS.csv (unit names, inputs, outputs, and acceptance criteria).
      • Boundary markers: None present; the skill does not use delimiters to separate the instructions in the CSV from its own logic.
      • Capability inventory: The skill can execute subprocesses (other skills) and modify workspace files (UNITS.csv, STATUS.md).
      • Sanitization: No sanitization or validation of the content within UNITS.csv is performed before processing or execution.
  • [DYNAMIC_EXECUTION] (MEDIUM): The run.py script modifies sys.path and dynamically imports the tooling.executor module from a path calculated relative to the script's location.
      • Evidence: 'sys.path.insert(0, str(repo_root))' followed by 'from tooling.executor import run_one_unit' in scripts/run.py.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:06 PM