generating-terrain

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The build(code=...) tool is a high-risk feature that executes Python code provided as a string. This creates a direct sink for arbitrary code execution if an attacker can influence the string passed to the tool, such as through indirect prompt injection or complex instructions.
  • [COMMAND_EXECUTION] (MEDIUM): The worldedit_deform tool accepts raw math expressions for terrain deformation. As with the build tool, this allows dynamic evaluation of strings, which can be exploited depending on the underlying implementation of the math parser.
  • [COMMAND_EXECUTION] (MEDIUM): Tools like worldedit_terrain_advanced and the procedural generation examples involve executing complex logic strings and Minecraft-specific commands, increasing the overall attack surface of the skill.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:29 PM