ai-research-reproduction
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The orchestrator script 'scripts/orchestrate_repro.py' uses 'subprocess.run' to execute shell commands extracted from the target repository's README file. This is a core feature of the skill, and the risk is mitigated by the skill's policy of choosing minimal reproduction targets and requiring human oversight.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection, as it processes untrusted content (README files and repository code) to derive its execution plan.
  - Ingestion points: Repository files are parsed by 'repo-intake-and-plan' sub-skills, and the resulting commands are processed in 'scripts/orchestrate_repro.py'.
  - Boundary markers: 'SKILL.md' and associated policy files (e.g., 'references/research-safety-principles.md') enforce a 'README-first' approach and mandate human review before the agent proceeds with training or semantic code changes.
  - Capability inventory: The skill uses 'subprocess.run' to execute commands and 'sys.executable' to run local helper scripts.
  - Sanitization: The orchestrator uses 'shlex.split' to parse extracted commands, reducing the risk of simple shell injection via manipulated command strings.
Audit Metadata