performing-security-code-review

Fail

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The file assets/example_code_vulnerable.py contains a demonstration of insecure deserialization using the pickle module. Crucially, it includes a MaliciousClass with a __reduce__ method that executes 'rm -rf /'. Even as an example, including destructive payloads in a skill's assets poses a significant risk if the agent or a user accidentally executes the script.
  • [COMMAND_EXECUTION]: The skill requests Bash(cmd:*) permissions in SKILL.md, providing the AI agent with unrestricted command-line access to the host environment.
  • [COMMAND_EXECUTION]: The command_injection_example function in assets/example_code_vulnerable.py utilizes subprocess.run(shell=True) with unsanitized input, which is a high-risk pattern that can be exploited for arbitrary code execution.
  • [DATA_EXFILTRATION]: A path traversal vulnerability is present in assets/example_code_vulnerable.py within the path_traversal_example function. It uses os.path.join on raw user input, allowing unauthorized access to files across the filesystem.
  • [PROMPT_INJECTION]: The skill's primary purpose is to analyze external, untrusted code. However, it lacks sanitization or boundary markers to prevent the agent from being influenced by instructions embedded within that code (Indirect Prompt Injection).
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 5, 2026, 07:56 AM