performing-security-code-review
Fail
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The file 'assets/example_code_vulnerable.py' contains a functional demonstration of Remote Code Execution using insecure deserialization. The 'insecure_deserialization_example' function calls 'pickle.loads()' on untrusted data, and the script includes a pre-crafted malicious payload that uses the '__reduce__' method to execute 'os.system'.
- [COMMAND_EXECUTION]: The file 'assets/example_code_vulnerable.py' includes a 'command_injection_example' function that uses 'subprocess.run(command, shell=True)', directly exposing the host system to shell injection attacks. This risk is amplified by the 'Bash(cmd:*)' tool access granted in 'SKILL.md'.
- [DATA_EXFILTRATION]: The 'path_traversal_example' in 'assets/example_code_vulnerable.py' allows for unauthorized file access by manipulating directory paths with '../' sequences, presenting a clear data exposure risk.
- [PROMPT_INJECTION]: The skill is highly susceptible to Indirect Prompt Injection. It is designed to process untrusted code snippets from users without sanitization or boundary markers while maintaining high-privilege tool access.
  1. Ingestion points: 'SKILL.md' triggers on user-provided code for review.
  2. Boundary markers: Absent.
  3. Capability inventory: 'Bash(cmd:*)', 'Write', and 'Edit' tools in 'SKILL.md'.
  4. Sanitization: No sanitization or input validation logic is present.
Recommendations
- AI detected serious security threats
Audit Metadata