env-and-assets-bootstrap

Warn

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/bootstrap_env.py uses subprocess.run to execute environment management commands including conda, mamba, and pip. This allows the execution of system-level tools to modify the environment.
  • [REMOTE_CODE_EXECUTION]: The skill facilitates the execution of third-party code located within a user-provided target repository. Specifically, if a setup.py file is detected, the skill executes pip install -e ., which runs the arbitrary Python code contained within the setup.py file under the current user's privileges.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by parsing untrusted documentation and configuration files to determine its setup plan.
  • Ingestion points: scripts/plan_setup.py and scripts/prepare_assets.py read local repository files such as README.md, environment.yml, and various configuration files.
  • Boundary markers: The skill lacks explicit boundary markers or instructions to the agent to ignore potentially malicious directions embedded in the repository's documentation.
  • Capability inventory: scripts/bootstrap_env.py provides the capability to execute shell commands and install packages based on the parsed data.
  • Sanitization: No validation of file contents is performed before processing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 10, 2026, 07:11 AM