atmospheric-science-research
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the ncdump utility for inspecting metadata of NetCDF files within the references/plan.md workflow. This is a standard and safe practice in atmospheric science for verifying file structures before processing.
- [EXTERNAL_DOWNLOADS]: The skill references several well-known scientific Python libraries including xarray, dask, h5netcdf, netcdf4, cfgrib, flox, bottleneck, metpy, eofs, xesmf, scipy, and cmaps. These packages are standard in the research community. The skill's instructions explicitly caution against installing new packages during execution and favor existing project environments.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests untrusted data from external NetCDF/GRIB files and has the capability to generate and execute Python scripts.
  - Ingestion points: Metadata and data are read using xr.open_dataset and xr.open_mfdataset (references/compute-acceleration.md) and inspected via ncdump (references/plan.md).
  - Boundary markers: No explicit instructions are provided to the agent to treat metadata content as potentially untrusted strings.
  - Capability inventory: The skill is designed to write and run Python scripts for computation and plotting (SKILL.md, references/review.md).
  - Sanitization: There is no explicit sanitization of metadata values before they are used in labels, titles, or filenames. The risk is considered low due to the structured binary nature of the input formats.
Audit Metadata