batch-cohort
Warn
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The script 'references/batch_template_generator.R' implements a dynamic code generation pattern. It clones a base R template and uses string substitution to inject values from a user-provided CSV file into new executable scripts. These generated scripts are then executed at runtime using the R 'source()' function. This creates an execution chain where untrusted data from input files directly influences executable code logic without validation or sanitization.
- [COMMAND_EXECUTION]: The skill requests and utilizes the 'Bash' tool to orchestrate the execution of generated R scripts and manage file system operations. This provides the agent with the capability to run arbitrary shell commands on the host environment as part of its normal workflow.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It ingests complex external data structures (methodology templates and combination matrices), which are used to construct subsequent agent actions and code. Because these inputs have no strict boundary markers or content validation, potentially malicious instructions in them can influence the agent's behavior during the batch generation phase.