agentscope-skill
Fail
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script view_pypi_latest_version.sh fetches version information from PyPI's official JSON API.
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to clone the official AgentScope repository from GitHub (github.com/agentscope-ai/agentscope) to provide local access to examples and API references.
- [COMMAND_EXECUTION]: The framework examples in SKILL.md and the reference guides explicitly register execute_shell_command as a tool within the agent's toolkit.
- [REMOTE_CODE_EXECUTION]: The skill enables agents to execute arbitrary Python code via execute_python_code, which is a fundamental feature of the AgentScope framework for tool use and reasoning.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface due to its data ingestion patterns.
  - Ingestion points: The skill directs the agent to clone and browse the contents of an external GitHub repository (SKILL.md).
  - Boundary markers: There are no explicit instructions or delimiters telling the agent to ignore instructions that might be present in the cloned repository's example files or documentation.
  - Capability inventory: The skill provides access to powerful tools like execute_shell_command and execute_python_code (SKILL.md, deployment_guide.md).
  - Sanitization: There is no evidence of sanitization or safety checks performed on the contents of the cloned repository before the agent processes them.
Recommendations
- HIGH: Downloads and executes remote code from: https://pypi.org/pypi/agentscope/json - DO NOT USE without thorough review
Audit Metadata