calc-sample-size

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill collects parameters (e.g., effect sizes, means, standard deviations) directly from user input and incorporates them into R and Python scripts. These scripts are then executed using the Bash tool to generate results.
      • Ingestion points: User-provided values during 'Phase 2: Collect Parameters'.
      • Boundary markers: No explicit sanitization or boundary markers are defined to prevent shell metacharacters or malicious R/Python code from being injected through these parameters.
      • Capability inventory: The skill utilizes Bash, Write, and Edit tools, allowing for local file modification and command execution.
      • Sanitization: There are no instructions for the agent to validate or sanitize the user input before placing it into executable scripts.
  • [DYNAMIC_EXECUTION]: The skill is designed to generate statistical scripts at runtime and execute them via the shell.
      • Evidence: Phase 3 of the workflow explicitly directs the agent to 'Generate the R code... Run the R code via Bash to produce the actual result.'
      • Risk: While this is the primary function of the skill, executing dynamically generated code based on external input is a known attack surface.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 12:27 PM