cuopt-skill-evolution
Warn
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: MEDIUMPROMPT_INJECTIONREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to ingest user feedback, corrections, and workflow failures to propose modifications to its own logic or other skills. This creates a surface where malicious user input could potentially influence the agent's future behavior or safety rules.\n
- Ingestion points: User corrections, retry events, and undocumented behavior discovered during conversation (defined in
SKILL.mdTrigger conditions).\n - Boundary markers: The skill includes a 'Security rules' section and a 'Distillation checklist' to guide the agent in filtering out malicious or non-generalizable input.\n
- Capability inventory: The agent can propose changes to
SKILL.mdfiles and create or update Python code assets inassets/directories.\n - Sanitization: All proposed changes require explicit user approval before application ('Only apply after the user approves').\n- [PROMPT_INJECTION]: Deceptive Metadata. The skill's metadata and description claim it is authored by the 'NVIDIA cuOpt Team', whereas the authoritative author context for this analysis identifies the author as 'promptingcompany'. This discrepancy represents a potential metadata poisoning or impersonation attempt that could mislead users regarding the origin and trustworthiness of the skill.\n- [REMOTE_CODE_EXECUTION]: Dynamic Code Generation. The workflow includes a mechanism to 'distill' learnings into executable Python assets (.py files) stored in skill directories. While the skill includes instructions to avoid high-risk injection patterns (like
evalorexec), the generation of executable content based on user-influenced interactions represents a risk of introducing logic flaws or execution vectors into persistent system assets.\n- [COMMAND_EXECUTION]: Execution of CI Scripts. The skill instructions require that newly generated code assets must be validated using theci/test_skills_assets.shscript. This instructs the agent to execute shell commands to verify the integrity and functionality of dynamically generated code.
Audit Metadata