polyglot-integration
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns or vulnerabilities were identified. The code snippets follow industry-standard practices for inter-process communication and foreign function interfaces.
- [COMMAND_EXECUTION]: The skill includes examples of executing external Python scripts via
child_process.spawn. While these are standard integration patterns, developers should ensure that script paths and arguments are not sourced from unvalidated external input to prevent command injection. - [PROMPT_INJECTION]: The skill demonstrates data exchange between different language environments, which introduces a potential surface for indirect prompt injection if the processed data is used to influence further agent actions.
- Ingestion points: Node.js reads data from the
stdoutof a Python child process. - Boundary markers: None present in the snippets.
- Capability inventory: The Node.js environment has the capability to spawn processes and execute code.
- Sanitization: No explicit sanitization or validation of the inter-process data is shown in the simplified examples.
Audit Metadata