explore-code

Warn

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: Dynamic code loading from computed paths.
    • The script scripts/write_outputs.py uses importlib.util to dynamically load and execute a Python module from a path computed relative to the skill directory (../../../shared/scripts/write_explore_bundle.py). This pattern allows execution of code that resides outside the skill's own directory.
  • [PROMPT_INJECTION]: Indirect prompt injection surface.
    • Ingestion points: The script scripts/plan_code_changes.py reads data from files supplied via the --idea-card-json and --analysis-json arguments.
    • Boundary markers: Absent; the script uses no delimiters or instructions that would isolate, or direct the agent to ignore, instructions embedded in the processed data.
    • Capability inventory: The skill is authorized to perform exploratory code modifications and to write output files to the repository.
    • Sanitization: Absent; data from the external JSON files is interpolated directly into the output payload (e.g., in derive_target_location_map and derive_supporting_changes), which the agent then uses to plan and justify code changes.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 10, 2026, 07:12 AM