submit-ara

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted content from research directories (such as PAPER.md and exploration_tree.yaml), which creates a surface for indirect prompt injection.
  • Ingestion points: Files within the user-provided artifact directory are read to validate structure and extract metadata (Step 2 and Step 4 in SKILL.md).
  • Boundary markers: The instructions do not specify the use of clear delimiters or instructions to the agent to ignore embedded commands within the research data.
  • Capability inventory: The skill has access to powerful tools including Bash (with gh, git, and curl) and file system operations (Read, Write, Edit).
  • Sanitization: Metadata extraction is performed using Python regular expressions (defined in references/upload-and-hub.md), which provides basic structural validation but does not fully sanitize the content for all downstream agent logic.
  • [COMMAND_EXECUTION]: The skill dynamically generates and executes Python scripts using shell heredocs to parse metadata from the research artifact. While these scripts use standard library modules (re, sys, os), they represent dynamic execution based on file content.
  • [DATA_EXFILTRATION]: The skill transmits research metadata (title, authors, and repository location) to an external API (https://www.evolvinglab.ai/api/submit) via curl to register the artifact with the ARA Hub. This is a documented and primary function of the skill.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 12:08 AM
Security Audit — agent-trust-hub — submit-ara