evaluating-cosmos-policy

Fail

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: HIGH [EXTERNAL_DOWNLOADS] [REMOTE_CODE_EXECUTION] [COMMAND_EXECUTION]
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs users to clone and install a fork of the RoboCasa environment from an untrusted third-party GitHub repository (https://github.com/moojink/robocasa-cosmos-policy.git).
  • [REMOTE_CODE_EXECUTION]: Code downloaded from the unverified moojink repository is installed via uv pip install -e and then executed using python -m commands to perform environment setup and asset downloads.
  • [COMMAND_EXECUTION]: The skill provides a Python script block that programmatically creates a directory and configuration file at ~/.libero/config.yaml, which modifies the host system's environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 18, 2026, 01:31 AM