experiment-design
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns such as remote code execution, obfuscation, or credential harvesting were detected. The skill is entirely instructional.
- [DATA_EXPOSURE_AND_EXFILTRATION]: No exfiltration patterns detected. The skill defines a local project directory (~/cold-email-ai-skills/...) for saving experiment configurations, which is used for documentation and does not involve system-sensitive paths.
- [INDIRECT_PROMPT_INJECTION]: The skill establishes an attack surface by ingesting user-provided hypothesis strings and variable names.
  - Ingestion points: User-defined hypotheses and experiment variables in SKILL.md.
  - Boundary markers: Not present in the suggested YAML template.
  - Capability inventory: File-write operations to local project paths; network operations are handled by external skills.
  - Sanitization: No sanitization or validation logic is specified for the user-supplied content.
Audit Metadata