explore-code

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Findings: REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script scripts/write_outputs.py dynamically loads a shared module write_explore_bundle.py from a relative path (../../../../shared/scripts/). While this appears to be a standard pattern for shared vendor utilities in this environment, it involves dynamic execution of code located outside the skill's own directory.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it processes content from external repositories and user-provided JSON configurations to plan and summarize code changes.
  • Ingestion points: scripts/plan_code_changes.py reads data from paths provided via --variant-spec-json, --idea-card-json, and --analysis-json, and it performs a recursive scan of the repository provided via the --repo argument.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands were found in the processing logic.
  • Capability inventory: The skill has capabilities to read files and execute scripts.
  • Sanitization: Input data is parsed as JSON but the resulting content is used to build instructions and plans without explicit sanitization to prevent the interpretation of embedded malicious prompts.
Audit Metadata
Risk Level: SAFE
Analyzed: May 18, 2026, 10:23 AM
Security Audit — agent-trust-hub — explore-code