tcm-meridian-inference
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script "scripts/tcm_api.py" uses "importlib" to dynamically load and execute the core logic from "scripts/infer.py" at runtime. Additionally, the skill's documentation instructs the agent to use the "exec" tool to perform shell-based network requests ("curl") against this local service.
- [DATA_EXFILTRATION]: The HTTP server implementation in "scripts/tcm_api.py" binds to "0.0.0.0", making the unauthenticated service accessible to any device on the local network. This represents a data exposure risk as any "subject" information (names, IDs) or sensitive health measurement data sent to the API could be intercepted by other local network actors.
- [PROMPT_INJECTION]: The skill processes external measurement data which is then interpreted by an AI agent, creating a surface for indirect prompt injection.
  - Ingestion points: The "measurements" object processed by "scripts/infer.py" via the API.
  - Boundary markers: Absent; measurement data is parsed and used directly to populate report templates without delimiters.
  - Capability inventory: The agent is empowered to execute shell commands ("exec") to interact with the system.
  - Sanitization: Input values are converted to floating-point numbers in "scripts/infer.py", but there is no validation for malicious content strings in metadata fields or unexpected value ranges that might influence the LLM's final report generation.
Audit Metadata