matlab
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides detailed instructions and patterns for executing MATLAB and GNU Octave code via command-line interfaces such as
matlab -batchandoctave. These are documented as standard practices for automation and CI/CD workflows. - [EXTERNAL_DOWNLOADS]: The documentation includes instructions for installing GNU Octave using well-known package managers such as Homebrew (
brew install octave) and APT (sudo apt install octave), and provides links to official documentation for MathWorks and GNU Octave. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it is designed to ingest and process data from various external file formats (CSV, Excel, MAT, Text) which could contain malicious instructions.
- Ingestion points: Multiple file reading functions are documented in
references/data-import-export.md(e.g.,readtable,readmatrix,readcell,readlines,fileread,load). - Boundary markers: No explicit instructions for delimiters or 'ignore embedded instructions' warnings are provided for data ingestion.
- Capability inventory: The skill allows shell execution via CLI patterns, dynamic Python code execution (
pyrun), network access through Python integration (e.g.,requestslibrary), and file-write operations. - Sanitization: There are no documented sanitization or validation steps for content loaded from external files.
Audit Metadata