explore-run

Warn

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DYNAMIC_EXECUTION]: The script scripts/write_outputs.py uses importlib.util to dynamically load and execute a Python module from a path calculated at runtime (../../../shared/scripts/write_explore_bundle.py). This technique allows for the execution of shared code that resides outside the skill's file structure.
  • [INDIRECT_PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing potentially untrusted research configurations.
    • Ingestion points: The scripts/plan_variants.py script reads experiment specifications from a JSON file provided via the --spec-json argument.
    • Boundary markers: There are no boundary markers or clear instructions provided to the agent to distinguish between configuration data and potentially malicious instructions.
    • Capability inventory: According to the SKILL.md file, the skill is intended to hand off task execution to high-capability tools such as minimal-run-and-audit and run-train, which can execute arbitrary shell commands.
    • Sanitization: The scripts/plan_variants.py script extracts fields such as base_command from the input JSON and includes them in the execution plan without any sanitization or validation logic.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 14, 2026, 09:49 AM