dspy
Warn
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill includes code examples that utilize dynamic execution, such as the
calculatetool inreferences/modules.mdandreferences/examples.mdwhich uses theeval()function on input strings. This pattern can lead to arbitrary code execution if inputs are not properly sanitized. - [REMOTE_CODE_EXECUTION]: The framework's
dspy.ProgramOfThoughtmodule, highlighted inSKILL.mdandreferences/modules.md, is designed to generate and execute Python code at runtime to solve problems, which introduces a dynamic execution attack vector. - [REMOTE_CODE_EXECUTION]: The installation instructions in
SKILL.mdprovide a method for downloading and installing the framework directly from a remote Git repository (https://github.com/stanfordnlp/dspy.git). - [PROMPT_INJECTION]: The skill describes building systems that process external and untrusted data (RAG and Agents), creating an indirect prompt injection surface.
- Ingestion points: Data enters the system via
dspy.RetrieveinSKILL.mdandreferences/examples.md, as well as tool outputs likesearch_wikipediainreferences/examples.md. - Boundary markers: The provided implementation examples do not use delimiters or explicit instructions to distinguish between system instructions and retrieved data.
- Capability inventory: The skill exhibits capabilities for dynamic code execution (
eval,ProgramOfThought) and file/database interaction (ChromadbRM). - Sanitization: No input validation or sanitization logic is demonstrated for handling data retrieved from external sources.
Audit Metadata