abductive-monte-carlo
Warn
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The
Justfilecontains a task that interpolates user-controlled variables directly into a shell command string. - Evidence: In
SKILL.md, theabduce-proofcommand:emacs --batch -l causal-catcolab --eval "(abductive-mcmc-infer-proof-history \"$(goal)\" 5000)". - Risk: The use of
$(goal)without sanitization allows an attacker to inject arbitrary Emacs Lisp or shell commands by providing a crafted goal string (e.g., using unbalanced quotes or command substitution). - [EXTERNAL_DOWNLOADS]: The skill refers to several external software packages and libraries required for its execution.
- Evidence: Mentions of Julia packages
Gay.jl,MonteCarloMeasurements, andAbductiveMC, along with the Emacs librarycausal-catcolab. - Note: These resources are documented as dependencies for the skill's logic.
Audit Metadata