code-formatter
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection surface (Category 8).
  - Ingestion points: scripts/code_formatter.py reads file content from user-specified paths using open(path, 'r').
  - Boundary markers: Absent. There are no delimiters or instructions to ignore embedded commands within the files being formatted.
  - Capability inventory: The skill possesses file write capabilities, using open(path, 'w') to overwrite files on the local filesystem.
  - Sanitization: Absent. The tool does not sanitize or filter the content for potential AI instructions hidden in code comments or strings.
- [DATA_EXFILTRATION] (HIGH): Potential for Path Traversal.
  - The script scripts/code_formatter.py accepts arbitrary file paths via command-line arguments and performs read and write operations on them. It lacks validation logic to ensure paths are restricted to safe or intended directories, potentially allowing an attacker to manipulate the agent into reading or corrupting sensitive files (e.g., ../../.env).
- [COMMAND_EXECUTION] (LOW): The skill requires executing a Python script in a shell environment, which is the intended design for this tool.
Recommendations
- AI detected serious security threats
Audit Metadata