minimal-run-and-audit
Warn
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION
REMOTE_CODE_EXECUTION
Full Analysis
- [DYNAMIC_EXECUTION]: The script scripts/write_outputs.py uses importlib.util to dynamically load and execute a Python module from a path computed at runtime (../../../../shared/scripts/write_run_bundle.py). This technique can be exploited to execute arbitrary code if an attacker can manipulate the filesystem structure or the contents of the target script.
- [REMOTE_CODE_EXECUTION]: The script scripts/run_command.py facilitates the execution of shell commands provided via CLI arguments. Although it uses shlex.split to mitigate shell-level injection, it still allows the execution of any binary or script present on the system, which is a significant risk if the commands are sourced from untrusted data.
- [INDIRECT_PROMPT_INJECTION]: The skill's primary function involves ingesting and executing commands often found in repository documentation (e.g., README files). This creates an attack surface where a malicious repository could influence the agent's behavior to execute unauthorized or harmful commands.
- Ingestion points: Untrusted data enters the agent context through the reproduction goals and commands described in SKILL.md and repository files.
- Boundary markers: Absent. The provided scripts do not implement mechanisms to distinguish between safe instructions and potentially malicious injected data.
- Capability inventory: The skill possesses capabilities for arbitrary subprocess execution and dynamic Python module loading.
- Sanitization: Absent. No validation or sanitization is performed on the commands before they are passed to the execution environment.
Audit Metadata