experiment-bridge
Warn
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill is designed to clone external Git repositories using the
BASE_REPOparameter and execute code derived from them. It also generates new experiment scripts based on research plans and executes them via the/run-experimentcommand. - [COMMAND_EXECUTION]: The skill requests
Bash(*)tool access and utilizes it to perform file system operations, repository cloning, and script execution. It also suggests usingpip installto resolve missing dependencies during automated debugging phases. - [EXTERNAL_DOWNLOADS]: The workflow involves fetching external codebases through
git cloneand potentially downloading Python packages from public registries. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to its dependency on externally provided research documents.
- Ingestion points: The skill reads
EXPERIMENT_PLAN.md,FINAL_PROPOSAL.md, and other markdown files to determine experiment logic and parameters. - Boundary markers: There are no explicit instructions or delimiters used to prevent the agent from obeying malicious instructions embedded within the research plans.
- Capability inventory: The agent has broad capabilities including arbitrary file writing (
Write,Edit) and shell command execution (Bash,/run-experiment). - Sanitization: The skill does not describe any validation or sanitization logic for the content parsed from input files before it is used to generate executable code.
Audit Metadata