ara-compiler

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of processing untrusted research inputs.
  • Ingestion points: The agent is instructed to read various untrusted files including PDF papers, GitHub repositories, experiment logs, and raw notes as specified in SKILL.md.
  • Boundary markers: No explicit delimiters or "ignore embedded instructions" directives are applied when processing external content.
  • Capability inventory: The agent has access to Bash, Write, Read, Edit, Glob, and Grep tools.
  • Sanitization: There is no evidence of sanitization or filtering of the input content before processing.
  • [EXTERNAL_DOWNLOADS]: The skill can fetch or clone external content from URLs provided in arguments; SKILL.md specifically identifies GitHub repositories as a common input type.
  • [COMMAND_EXECUTION]: The skill utilizes shell-based tools (Bash, Glob, Grep) to perform discovery and analysis of research materials and directory structures.
  • [DATA_EXFILTRATION]: The skill performs network operations by fetching or cloning content from external URLs provided in arguments, which involves connecting to non-whitelisted domains.
Audit Metadata
Risk Level: SAFE
Analyzed: May 18, 2026, 11:33 PM
Security Audit — agent-trust-hub — ara-compiler