earth2studio-deterministic-forecast

Fail

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script evals/environment/setup/bootstrap.sh modifies the system-wide /etc/environment file to append to the PATH variable. This action serves as a persistence mechanism that affects all users and sessions. Additionally, the script uses the REPO_ROOT variable without sanitization, which introduces a risk of path injection as highlighted in the skill's own benchmark report.
  • [EXTERNAL_DOWNLOADS]: The skill instructions and setup scripts perform several external network operations including fetching live documentation from nvidia.github.io and github.com/NVIDIA to verify APIs. Additionally, the bootstrap.sh script executes uv sync to download and install project dependencies from external package registries.
  • [PROMPT_INJECTION]: The skill's workflow depends on ingesting content from external URLs, creating a surface for indirect prompt injection.
  • Ingestion points: Documentation URLs in SKILL.md (e.g., prognostic models, data sources).
  • Boundary markers: None identified in the workflow for separating external documentation from instructions.
  • Capability inventory: The skill generates Python scripts that perform file system writes (ZarrBackend), complex computations on GPUs, and further network data fetching.
  • Sanitization: There is no evidence of sanitization or filtering applied to the fetched documentation content before it is processed by the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 18, 2026, 04:34 PM
Security Audit — agent-trust-hub — earth2studio-deterministic-forecast