darwin-dynamic-agentically-rewriting
Warn
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to run training scripts and benchmarks across multiple directories (e.g., 'Execute each agent's code in its isolated directory' in Step 6).
- [REMOTE_CODE_EXECUTION]: The core functionality involves generating and executing dynamic code variants through an LLM mutation process. This creates a recursive execution loop where the agent's logic is modified and then executed, which is a high-risk pattern for arbitrary code execution.
- [INDIRECT_PROMPT_INJECTION]: The skill processes variable data, including error tracebacks and performance metrics from executed code variants, which are fed back into subsequent mutation prompts.
- Ingestion points: Error tracebacks and performance metrics from executed code variants are ingested in Step 6 and Step 7 to inform the next generation of code.
- Boundary markers: The instructions do not specify any delimiters or boundary markers to separate the ingested performance data/errors from the mutation instructions in the prompt.
- Capability inventory: The agent is granted the capability to write to the filesystem (Step 5) and execute shell commands to run the resulting scripts (Step 6) across multiple 'agent' directories.
- Sanitization: There is no mention of sanitizing, validating, or linting the LLM-generated code mutations before they are written to disk and executed.
Audit Metadata