puda-workflows
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by incorporating untrusted experimental data into prompts used by LLM-based optimizers.
  - Ingestion points: User-provided target colors, volume ratios, and labware configurations enter the workflow in `references/colour-mixing-opt.md` and `references/viscosity-optimization.md`.
  - Boundary markers: Prompt templates within `scripts/optimizers.py` utilize markdown headers and clear role definitions to delineate data history from model instructions.
  - Capability inventory: The agent has the capability to execute shell commands (e.g., via `uv run`), interact with local network hardware (Opentrons IP), and perform network requests to the OpenRouter API.
  - Sanitization: The `scripts/optimizers.py` implementation performs JSON schema validation and validates numeric constraints, such as ensuring well volumes sum correctly.
- [COMMAND_EXECUTION]: The skill instructions require running shell commands to interface with local laboratory equipment.
  - Evidence: The file `references/viscosity-optimization.md` provides instructions to launch a mass balance service using the command `uv run --package balance-edge python edge/balance.py`.
- [EXTERNAL_DOWNLOADS]: The skill documentation and scripts specify several external scientific and machine learning dependencies.
  - Evidence: The workflow depends on the installation of `botorch`, `gpytorch`, `torch`, `openai`, `numpy`, and `Pillow`.
  - Vendor Context: The `balance-edge` package is described as part of the vendor's (PUDAP) specialized laboratory setup for gravimetric feedback.
Audit Metadata