master-milarepa
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions reference the use of local command-line tools (scripts/cite.py and scripts/query.py) for citation lookups and querying source texts. The source code for these scripts is not included in the provided file set, which represents an unverifiable dependency in the execution environment.
- [REMOTE_CODE_EXECUTION]: The skill provides a directive to the agent to avoid reading the source code of the referenced auxiliary scripts to 'avoid context pollution.' While likely intended for token efficiency, this instruction serves to suppress oversight of the logic being executed by the agent's command-line tools.
- [PROMPT_INJECTION]: The skill processes user queries to retrieve and present religious teachings, creating an indirect prompt injection surface. This risk is addressed by a comprehensive 'HARD-GATE' mechanism that mandates the use of verifiable academic citations (e.g., BDRC IDs) for every claim and strictly prohibits the disclosure of 'esoteric instructions' or secret ritual steps.
Audit Metadata