skills/brycewang-stanford/awesome-agent-skills-for-empirical-research/robustness-table/Gen Agent Trust Hub
robustness-table
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Potential shell command injection in Step 6. The skill instructs the agent to run
uv run jupytext --sync notebooks/<name>.md, where<name>is derived from the<notebook>argument. If the input is not sanitized (e.g.,test.md; rm -rf /), it could lead to arbitrary command execution. - [PROMPT_INJECTION]: The skill reads and interprets content from external notebook files to identify regression specifications. This represents an indirect prompt injection surface where a malicious notebook could attempt to influence the agent's code generation or file writing behavior.
- Ingestion points: SKILL.md Step 1 (Read specified notebook file).
- Boundary markers: Absent. The agent is not instructed to treat the notebook content as untrusted data.
- Capability inventory:
Write,Edit,Bash(SKILL.md Steps 3, 4, 6). - Sanitization: Absent. There is no mention of validating or escaping the content found within the notebook before using it to generate new code or execute shell commands.
Audit Metadata