Skills
skills/agentscope-ai/skills/agentscope-skill/Gen Agent Trust Hub

agentscope-skill

Fail

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script scripts/view_pypi_latest_version.sh retrieves metadata from the official PyPI registry and pipes the response directly to a Python interpreter to parse the version string.
  • [EXTERNAL_DOWNLOADS]: The skill instructions in SKILL.md direct the agent to perform a git clone of the agentscope-ai/agentscope repository from GitHub into the local environment to facilitate exploration of documentation and code examples.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) because it is designed to ingest and process data from an external repository while possessing code execution capabilities.
  • Ingestion points: Content from the repository cloned from github.com/agentscope-ai/agentscope (Step 1 in SKILL.md).
  • Boundary markers: Absent; the instructions do not specify the use of delimiters or warnings when the agent reads the cloned repository files.
  • Capability inventory: The skill provides and documents tools for execute_shell_command and execute_python_code (examples in SKILL.md and references/multi_agent_orchestration.md).
  • Sanitization: None; the agent is encouraged to read and adapt examples from the external repository directly.
  • [COMMAND_EXECUTION]: The skill includes a Python script scripts/view_module_signature.py that utilizes the inspect module to dynamically examine the structure and signatures of the agentscope library at runtime.
Recommendations
  • HIGH: Downloads and executes remote code from: https://pypi.org/pypi/agentscope/json - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 27, 2026, 02:27 AM