ruleflow-generating-reusable-program

Warn

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The workflow (Steps 1, 3, and 4) instructs the agent to profile and execute user-provided Pandas code alongside generated optimized versions. This process of executing arbitrary user-supplied code can lead to unintended command execution if the input contains malicious operations.
  • [EXTERNAL_DOWNLOADS]: The skill references an external GitHub repository 'github.com/ADAPT-uiuc/RuleFlow' and an arXiv paper '2602.09051v1'. The paper ID and the year 2026 are inconsistent with current real-world records, suggesting the resources are either future-dated or synthetic.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and executes untrusted data (user code) to fulfill its optimization purpose. * Ingestion points: User-provided Python or Jupyter notebook code cells containing Pandas operations. * Boundary markers: The skill does not define specific delimiters or security wrappers to isolate the user code from the execution environment. * Capability inventory: The methodology explicitly requires code execution, profiling, and time-based measurement of code snippets. * Sanitization: There are no instructions for validating, escaping, or auditing the safety of the user-provided code prior to execution.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 19, 2026, 04:03 PM
Security Audit — agent-trust-hub — ruleflow-generating-reusable-program