earth2studio-deterministic-forecast
Fail
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
evals/environment/setup/bootstrap.shmodifies the system-wide/etc/environmentfile to append to the PATH variable. This action serves as a persistence mechanism that affects all users and sessions. Additionally, the script uses theREPO_ROOTvariable without sanitization, which introduces a risk of path injection as highlighted in the skill's own benchmark report. - [EXTERNAL_DOWNLOADS]: The skill instructions and setup scripts perform several external network operations including fetching live documentation from
nvidia.github.ioandgithub.com/NVIDIAto verify APIs. Additionally, thebootstrap.shscript executesuv syncto download and install project dependencies from external package registries. - [PROMPT_INJECTION]: The skill's workflow depends on ingesting content from external URLs, creating a surface for indirect prompt injection.
- Ingestion points: Documentation URLs in
SKILL.md(e.g., prognostic models, data sources). - Boundary markers: None identified in the workflow for separating external documentation from instructions.
- Capability inventory: The skill generates Python scripts that perform file system writes (
ZarrBackend), complex computations on GPUs, and further network data fetching. - Sanitization: There is no evidence of sanitization or filtering applied to the fetched documentation content before it is processed by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata