denario
Warn
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
denario[app]package from a public registry usingpiporuvduring the setup process. - [COMMAND_EXECUTION]: The skill provides a command-line interface
denario runwhich executes a local web server to host a graphical user interface for research management. - [REMOTE_CODE_EXECUTION]: The core functionality includes a
get_results()method that executes computational experiments and generates visualizations based on AI-developed methodologies. This represents a dynamic code execution environment where agents generate and run scripts locally to produce research findings. - [PROMPT_INJECTION]: Indirect Prompt Injection vulnerability surface detected via the ingestion of untrusted research data.
- Ingestion points: Data enter the agent context through
set_data_description,set_idea, andset_methodfunctions inSKILL.md. - Boundary markers: There are no documented delimiters or instructions to the agent to ignore potentially malicious embedded instructions within the research datasets or methodologies.
- Capability inventory: The skill possesses capabilities to perform file system writes (
get_papergenerating LaTeX source) and execute generated code for computational analysis (get_results). - Sanitization: No evidence of input validation, escaping, or filtering of external content is provided in the skill definitions.
Audit Metadata