skill-auditor

Warn

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions in SKILL.md (Step 5) direct the agent to execute arbitrary Python scripts (python scripts/<script_name>.py) and shell commands provided within the skill package being audited. This leads to the execution of untrusted, user-provided code in the agent's runtime environment.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection. In Step 5, the auditor is explicitly instructed to 'Follow its [the target skill's] instructions as if you are Claude-with-this-skill'. This adoption of untrusted instructions allows a malicious target skill to bypass auditor constraints or influence its evaluation.
  • Ingestion points: Target skill's SKILL.md and script files.
  • Boundary markers: None used to delimit or neutralize target content.
  • Capability inventory: Subprocess execution, file system access, and agent reasoning.
  • Sanitization: No validation or sanitization is performed on the target skill's instructions or script parameters.
  • [REMOTE_CODE_EXECUTION]: The dynamic analysis process involves executing code from a third-party skill package, which represents a significant execution risk similar to Remote Code Execution if the source package is untrusted.
  • [COMMAND_EXECUTION]: The script scripts/evaluate_skill.py uses the compile() function to process source code from target scripts for syntax verification. This dynamic code compilation is a known pattern that can be used as a vector for execution.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 30, 2026, 03:14 PM