Skills
skills/wentorai/research-plugins/automation-skills/Gen Agent Trust Hub

automation-skills

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The export_redcap_records function in data-collection-automation/SKILL.md retrieves the REDCAP_API_TOKEN from environment variables and transmits it via a POST request to an arbitrary api_url parameter. If an agent is induced to use a malicious endpoint, this could lead to the exposure of the API token.
  • [COMMAND_EXECUTION]: The skill uses shell commands and system-level operations for automation:
  • research-workflow-automation/SKILL.md features a Snakemake workflow that uses curl to download data from URLs provided in a configuration file.
  • ai-scientist-v2-guide/SKILL.md includes instructions to use sudo apt-get install for system dependencies like LaTeX.
  • Persistence is encouraged through the use of crontab for scheduling recurring tasks in data-collection-automation/SKILL.md and research-workflow-automation/SKILL.md.
  • [PROMPT_INJECTION]: The skill involves processing untrusted external data which presents a surface for indirect prompt injection (Category 8):
  • Ingestion points: Processes survey data from Qualtrics and REDCap (data-collection-automation/SKILL.md), parses PDF research papers to extract methodology (paper-to-agent-guide/SKILL.md), and searches academic databases (datagen-research-guide/SKILL.md).
  • Capability inventory: Scripts within the skill can write files (to_csv, write), perform network operations (urllib.request), and execute shell commands (Snakemake).
  • Sanitization & Boundaries: No robust sanitization or boundary markers are implemented to prevent malicious instructions embedded in the external data from influencing the agent's logic or downstream actions.
  • [EXTERNAL_DOWNLOADS]: Several guides recommend downloading software from external sources:
  • Recommends cloning repositories from Microsoft, Sakana AI, and AimHub on GitHub.
  • Instructions include installing Python packages such as rdagent, aim, and kedro from standard registries.
  • These downloads originate from well-known services and organizations and are consistent with the skill's purpose.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 30, 2026, 12:17 PM