dspy
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- [DYNAMIC_EXECUTION] (MEDIUM): The skill highlights the use of dspy.ProgramOfThought in core/building-modules.md. This module programmatically generates and executes Python code at runtime to solve logic and math problems, which represents a significant execution vector if the model is influenced by malicious input.
- [DATA_EXFILTRATION] (LOW): Multiple Python files, including dspy_pex.py, dspy_pex_gen.py, and pex_data_loader.py, contain hardcoded absolute file paths (e.g., /Users/mikhail/Cursor/Knowledge-Graph/data/). This exposes the local username and directory structure of the skill author's machine.
- [INDIRECT_PROMPT_INJECTION] (LOW): The PEXGenerator module in dspy_pex_gen.py processes external medical data and interpolates it into prompts without adequate sanitization or boundary enforcement.
  - Ingestion points: pex_data_loader.py reads from CICM_SAQ.csv and SAQAtomic2.fixed.json.
  - Boundary markers: None; retrieved data is concatenated directly into the LLM context string.
  - Capability inventory: The skill utilizes dspy.Predict, dspy.ChainOfThought, and dspy.ProgramOfThought.
  - Sanitization: No escaping or validation is performed on the ingested medical content before prompt interpolation.
- [EXTERNAL_DOWNLOADS] (LOW): In applications/building-rag-pipelines.md, a hardcoded IP address (http://20.102.90.50:2017) is provided for a hosted ColBERTv2 retrieval service, creating a dependency on an unauthenticated external network resource.