regex-tester
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted user-provided regex patterns and text strings. While the current implementation only prints results, an attacker could provide input designed to influence subsequent agent actions if the agent processes the tool's output as instructions.
  * Ingestion points: args.regex and args.text in scripts/regex_tester.py.
  * Boundary markers: Absent.
  * Capability inventory: Printing results to stdout.
  * Sanitization: Absent.
- Metadata Poisoning (LOW): The SKILL.md file lists the official CPython repository as its source, which is misleading as this is not an official Python project tool.
- Dynamic Execution (LOW): Uses re.compile() on user-provided strings, creating a risk of Regular Expression Denial of Service (ReDoS).
Audit Metadata