ablation-planner
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its ingestion of external project files and user-supplied arguments.
  - Ingestion points: Method descriptions and experiment results are read from files including docs/research_contract.md, project CLAUDE.md, EXPERIMENT_LOG.md, and EXPERIMENT_TRACKER.md.
  - Boundary markers: The skill lacks explicit boundary markers or instructions to ignore embedded commands within the processed data.
  - Capability inventory: The skill possesses powerful capabilities, including the Bash, Write, and Edit tools.
  - Sanitization: No sanitization or validation is performed on the ingested data or on the generated ablation plans.
- [COMMAND_EXECUTION]: The skill dynamically generates and executes shell scripts and configurations based on plans produced by an LLM. While designed for ML experiments, this mechanism creates a risk of arbitrary command execution if the design phase is compromised by malicious instructions found in the processed documentation or logs.
Audit Metadata