denario
Warn
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The installation instructions direct users to download code from a third-party GitHub repository (AstroPilot-AI/Denario) and a Docker image from an external account (pablovd/denario).
- [REMOTE_CODE_EXECUTION]: The get_results() method dynamically executes code generated by AI agents to perform data analysis and create visualizations, which presents a risk of executing unvetted or malicious logic.
- [COMMAND_EXECUTION]: The skill provides a CLI command, denario run, to launch a local web server (Streamlit) for the application interface.
- [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection via the set_data_description input. Maliciously crafted data descriptions could influence the agents to generate and execute dangerous code during the analysis phase.
- Ingestion points: The set_data_description method in references/research_pipeline.md accepts arbitrary text data.
- Boundary markers: No explicit boundary markers or safety instructions are provided to separate user data from agent instructions.
- Capability inventory: The execution agent has the capability to run Python code via get_results().
- Sanitization: There is no evidence of input validation or sanitization before the data description is processed by the agents.
Audit Metadata