building-agents-construction
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill uses MCP tools to execute shell commands, including `python mcp_server.py` to register a local server and `python -m AGENT_NAME validate` to run generated Python code. While functional for its purpose, executing local scripts and generated modules creates a significant attack surface.
- [DYNAMIC_EXECUTION] (MEDIUM): In Step 6, the skill generates multiple Python files (`agent.py`, `config.py`, etc.) based on user-provided goals and workflow designs, and then executes this code in Step 7. This allows for potential code injection if the user input is malicious.
- [PROMPT_INJECTION] (LOW): The file contains meta-instructions such as "DO NOT DISPLAY THIS FILE. EXECUTE THE STEPS BELOW" and "IMMEDIATELY begin executing," which are attempts to override the agent's default transparency and reporting behavior.
- [DATA_EXPOSURE] (LOW): The script includes hardcoded absolute filesystem paths (`/home/timothy/oss/hive`), revealing specific details about the user's environment and directory structure.
- [INDIRECT_PROMPT_INJECTION] (LOW):
  - Ingestion points: User input for goal definitions (Step 2) and workflow node designs (Step 3).
  - Boundary markers: None. User-provided strings are directly interpolated into proposed designs and generated Python files.
  - Capability inventory: File system write access, MCP server registration, and process execution.
  - Sanitization: No escaping or validation is performed on the user-provided content before it is written into executable `.py` files.
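The sanitization gap named in the INDIRECT_PROMPT_INJECTION and DYNAMIC_EXECUTION findings, shown in added example code that is not part of the audited skill or of this audit report. It contrasts a goal string pasted raw into a generated config module with the same string emitted through `repr()`, adds a parse-time check that a generated config contains only constant assignments before anything imports it, and validates the module name that would be handed to `python -m`. The skill's real templates are not reproduced on this page; the function names, the `GOAL = ...` template and the sample goal strings below are constructed for illustration.

```python
"""Raw interpolation into generated Python versus a hardened form.

Constructed example: the function names, the GOAL template and the sample
goals are hypothetical and are not the audited skill's own code.
"""
import ast
import keyword
import sys

# Constructed sample inputs. The hostile goal closes the string literal the
# template opens, then appends statements of its own.
BENIGN_GOAL = "Summarize daily logs"
HOSTILE_GOAL = 'x"\nimport os; os.system("id")\ny = "'


def render_config_naive(goal: str) -> str:
    """Unsafe pattern: the user string is pasted straight into source text."""
    return f'GOAL = "{goal}"\n'


def render_config_safe(goal: str) -> str:
    """Hardened pattern: repr() escapes quotes and newlines, so the value
    always lands inside exactly one string literal."""
    return f"GOAL = {goal!r}\n"


def statement_count(source: str) -> int:
    """Number of top-level statements in the generated module."""
    return len(ast.parse(source).body)


def config_is_data_only(source: str) -> bool:
    """Defence in depth before a generated config is imported or run:
    accept only `NAME = <constant>` assignments and reject everything else
    (imports, calls, attribute targets, unparseable text)."""
    try:
        tree = ast.parse(source)
    except SyntaxError:
        return False
    for node in tree.body:
        if not isinstance(node, ast.Assign):
            return False
        if not isinstance(node.value, ast.Constant):
            return False
        if not all(isinstance(target, ast.Name) for target in node.targets):
            return False
    return True


def is_safe_module_name(name: str) -> bool:
    """A name passed to `python -m <name>` must be a plain identifier:
    no path separators, dots, or Python keywords."""
    return name.isidentifier() and not keyword.iskeyword(name)


def build_validate_argv(name: str) -> list[str]:
    """argv list for the validate step (no shell string to inject into);
    refuses any module name that is not a bare identifier."""
    if not is_safe_module_name(name):
        raise ValueError(f"refusing module name {name!r}")
    return [sys.executable, "-m", name, "validate"]


if __name__ == "__main__":
    for label, render in (("naive", render_config_naive), ("safe", render_config_safe)):
        src = render(HOSTILE_GOAL)
        print(f"{label}: {statement_count(src)} statement(s), data-only={config_is_data_only(src)}")
    print(build_validate_argv("log_summarizer"))
```

With the hostile goal, the naive template yields a module of four statements, two of which are the injected `import os` and `os.system("id")`; the `repr()` form yields a single assignment. Running `config_is_data_only` on each generated file before the Step 7 execution turns the finding's missing boundary into an explicit gate, and building the `validate` command as an argv list keeps the user-chosen agent name out of any shell parsing.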
Audit Metadata