performing-security-code-review
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM
Finding categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill configuration in `SKILL.md` requests the `Bash(cmd:*)` permission, which allows the execution of any system command. This broad access level poses a significant risk if the agent's behavior is influenced by malicious input.
- [REMOTE_CODE_EXECUTION]: The script `assets/example_code_vulnerable.py` includes functional code for command injection using `subprocess.run(shell=True)`. While labeled as an example, this function is executed when the script is run and can be leveraged to execute arbitrary code on the host system.
- [REMOTE_CODE_EXECUTION]: The `assets/example_code_vulnerable.py` script contains a demonstration of insecure deserialization using `pickle.loads()`. Although the specific execution is commented out, the presence of this pattern in an executable script is a security concern.
- [DATA_EXFILTRATION]: The `path_traversal_example` function in `assets/example_code_vulnerable.py` is functional and allows reading arbitrary files by manipulating path components. The script demonstrates this by attempting to access files outside its intended directory.
- [PROMPT_INJECTION]: The skill is designed to analyze external, untrusted code, making it vulnerable to indirect prompt injection (Category 8).
  - Ingestion points: Processes user-provided code for security analysis as defined in `SKILL.md`.
  - Boundary markers: No delimiters or instructions are present to prevent the agent from following commands embedded in the audited code.
  - Capability inventory: Access to `Bash`, `Write`, `Edit`, and `Grep` provides a powerful set of tools for an attacker.
  - Sanitization: There is no evidence of input validation or content sanitization before processing audited files.
Audit Metadata