ara-compiler
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It is designed to ingest and process a wide variety of untrusted external inputs, such as PDF papers and GitHub repositories, which could contain malicious instructions meant to hijack agent behavior.
  - Ingestion points: SKILL.md interprets user-provided arguments as URLs or file paths to be read or cloned.
  - Boundary markers: Absent. The instructions do not specify the use of delimiters or provide warnings to ignore or sanitize embedded instructions within the source material.
  - Capability inventory: The agent has access to powerful system tools including Bash, Write, Edit, and Read.
  - Sanitization: No validation or sanitization of the external content is mentioned.
- [EXTERNAL_DOWNLOADS]: The skill performs network operations to fetch or clone content from arbitrary external URLs provided by the user.
  - Evidence: SKILL.md defines a strategy to treat URL arguments as sources to "fetch or clone".
- [COMMAND_EXECUTION]: The skill makes extensive use of shell tools (Bash, Glob, Grep) to navigate the file system and process data. These capabilities, while functional, elevate the risk associated with processing untrusted external data.
Audit Metadata