mirai
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to ingest and analyze code provided by users, which creates an attack surface for indirect prompt injection.
- Ingestion points: User-provided code snippets or project descriptions are processed by the agent in SKILL.md.
- Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded commands within user-provided content.
- Capability inventory: The agent is encouraged to generate R code utilizing the
miraipackage, which can perform local and remote command execution, file operations, and network connections. - Sanitization: No explicit sanitization or validation of user-provided code is mentioned before the agent processes it.
- [COMMAND_EXECUTION]: The core functionality described involves executing arbitrary R code in separate daemon processes. Examples demonstrate using
mirai()to run expressions that could interact with the host system or local environment. - [REMOTE_CODE_EXECUTION]: The skill provides extensive templates for setting up distributed computing across remote nodes using SSH, cluster schedulers (like Slurm or SGE), and HTTP launchers. While intended for parallel processing, these patterns facilitate code execution on external infrastructure.
Audit Metadata