explore-run
Warn
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DYNAMIC_EXECUTION]: The file `scripts/write_outputs.py` dynamically loads a Python module at runtime. It uses `importlib.util` to load and execute a script located at `../../../shared/scripts/write_explore_bundle.py`. This pattern of loading code from a computed relative path is a security risk, as it allows for the execution of arbitrary code if the target directory or file is manipulated.
- [INDIRECT_PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection via data ingestion.
  - Ingestion points: The `scripts/plan_variants.py` script reads a JSON specification file through the `--spec-json` command-line argument.
  - Boundary markers: The script does not implement specific delimiters or 'ignore' instructions to isolate the ingested JSON data from the agent's logic.
  - Capability inventory: The skill has the capability to rank variants and prepare output files, and it hands off execution to other scripts which may perform training or system commands.
  - Sanitization: While the script performs basic data type conversion (e.g., `safe_float`), it lacks robust schema validation or sanitization of the input JSON contents.
Audit Metadata