denario
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of computational experiments through the `get_results()` method, which runs code to perform data analysis and generate visualizations based on a methodology.
- [EXTERNAL_DOWNLOADS]: Installation instructions refer to the `denario` package from a registry and provide links to a GitHub repository and a Docker image.
- [CREDENTIALS_UNSAFE]: The documentation guides users on setting up and managing API credentials for LLM providers using environment variables, `.env` files, and JSON service account keys. These instructions follow standard configuration practices for developers.
- [PROMPT_INJECTION]: The skill ingests untrusted content through several input methods, creating a surface for indirect prompt injection.
  - Ingestion points: Data descriptions, research ideas, and methodology files are ingested via `set_data_description()`, `set_idea()`, and `set_method()` as documented in SKILL.md and references/research_pipeline.md.
  - Boundary markers: No specific boundary markers or instructions to ignore embedded commands are documented for these inputs.
  - Capability inventory: The skill can execute arbitrary code in the `get_results()` stage, write files to the project directory, and interact with network APIs for literature searches.
  - Sanitization: No explicit sanitization or validation of the ingested research content is described before it is processed by the agents or executed.
Audit Metadata