serverless-modal

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it interpolates user-supplied data from the $ARGUMENTS variable directly into its task context. This could allow a malicious user to provide a task description that influences the generated Python code or the shell commands executed by the agent.
  • Ingestion points: The $ARGUMENTS variable is used in the Task: $ARGUMENTS header within SKILL.md to define the agent's objective.
  • Boundary markers: None. There are no delimiters or instructions to ignore embedded commands within the user input.
  • Capability inventory: The skill uses the Bash tool to run CLI commands and the Write tool to create Python launcher scripts.
  • Sanitization: The skill does not implement any validation or sanitization logic for the task description before using it to guide script generation.
  • [COMMAND_EXECUTION]: The skill orchestrates remote compute by instructing the agent to perform local command execution, including package installation (pip install modal) and service interaction (modal run, modal deploy). It also generates Python scripts that utilize the subprocess module to execute local training files. These operations are consistent with the skill's primary purpose of serverless GPU compute management.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 3, 2026, 01:35 PM