math-tools

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill uses a subprocess call to run a Python script with unvalidated string arguments.
  • Evidence: The documentation explicitly instructs the agent to run `python scripts/math_calculator.py <operation> <args...>`, where `<args...>` can be complex algebraic strings such as `"(x**2 1)/(x 1)"` or system-style inputs. The skill does not say whether the agent passes these as an argument list or through a shell; in the shell case the argument string is also a shell-injection vector, and in either case it reaches the expression parser unmodified.
  • [REMOTE_CODE_EXECUTION] (HIGH): There is a significant risk of arbitrary code execution through expression parsing.
  • Evidence: SymPy's parsing functions (`sympify`, `parse_expr`) evaluate the input string with Python's `eval`, and SymPy's own documentation warns against calling them on unsanitized input. The skill definition mentions neither sanitization nor a restricted execution environment, so an attacker who controls the argument can supply a string such as `"__import__('os').system('ls')"` in place of a math problem and have it executed with the privileges of the agent process.
  • [INDIRECT_PROMPT_INJECTION] (HIGH): The skill exposes a large attack surface for indirect prompt injection: content the agent reads from untrusted sources can end up in the calculator's arguments.
  • Ingestion points: External content enters via `<args...>` in `math_calculator.py` calls.
  • Boundary markers: Absent. The skill gives the agent no instructions to validate or delimit the input before passing it to the CLI.
  • Capability inventory: The skill can execute commands on the host through the Python subprocess call, so a successful injection is not confined to the model's context.
  • Sanitization: None documented. The skill assumes that everything passed to the calculator is benign mathematical notation.
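The sanitization the findings above say is missing can be done before the string ever reaches SymPy: parse it with Python's `ast` module and accept only an arithmetic grammar (numeric literals, allowlisted symbol names, the arithmetic operators, and bare calls to a fixed set of function names). The following is an added example written for this audit, not code from the skill or from SymPy; `validate_expression`, `ALLOWED_NAMES`, `ALLOWED_FUNCTIONS` and the size limits are hypothetical names and values chosen here, and the sample inputs are constructed.

```python
"""Allowlist validation for math-expression strings before they reach SymPy.

Added example (not part of the audited skill). All names below are
hypothetical. The validated string can be handed to sympify()/parse_expr();
anything that could execute code is rejected first.
"""
import ast

# Assumed allowlists: symbols and SymPy functions the calculator needs.
ALLOWED_NAMES = {"x", "y", "z", "pi", "E"}
ALLOWED_FUNCTIONS = {"sin", "cos", "tan", "exp", "log", "sqrt", "Abs"}

# AST node types that make up plain arithmetic.
ALLOWED_BINOPS = (ast.Add, ast.Sub, ast.Mult, ast.Div, ast.Pow, ast.Mod)
ALLOWED_UNARYOPS = (ast.UAdd, ast.USub)

MAX_LENGTH = 512   # characters; caps parser work on hostile input
MAX_NODES = 200    # AST nodes; caps deeply nested expressions


class UnsafeExpression(ValueError):
    """Raised when the input is not a plain arithmetic expression."""


def _check(node: ast.AST) -> None:
    """Recursively reject any node outside the arithmetic allowlist."""
    if isinstance(node, ast.Expression):
        _check(node.body)
    elif isinstance(node, ast.Constant):
        # Only int/float literals; strings, bytes, None and bools are rejected.
        if isinstance(node.value, bool) or not isinstance(node.value, (int, float)):
            raise UnsafeExpression(f"disallowed literal: {node.value!r}")
    elif isinstance(node, ast.Name):
        if node.id not in ALLOWED_NAMES:
            raise UnsafeExpression(f"disallowed name: {node.id}")
    elif isinstance(node, ast.BinOp):
        if not isinstance(node.op, ALLOWED_BINOPS):
            raise UnsafeExpression(f"disallowed operator: {type(node.op).__name__}")
        _check(node.left)
        _check(node.right)
    elif isinstance(node, ast.UnaryOp):
        if not isinstance(node.op, ALLOWED_UNARYOPS):
            raise UnsafeExpression(f"disallowed operator: {type(node.op).__name__}")
        _check(node.operand)
    elif isinstance(node, ast.Call):
        # Only bare calls to allowlisted names with positional args. A call
        # whose callee is an Attribute, e.g. __import__('os').system(...),
        # fails this test and is rejected.
        if not (isinstance(node.func, ast.Name) and node.func.id in ALLOWED_FUNCTIONS):
            raise UnsafeExpression("disallowed call")
        if node.keywords:
            raise UnsafeExpression("keyword arguments not allowed")
        for arg in node.args:
            _check(arg)
    else:
        # Attribute access, subscripts, lambdas, comprehensions, comparisons,
        # f-strings and everything else are not arithmetic: reject.
        raise UnsafeExpression(f"disallowed syntax: {type(node).__name__}")


def validate_expression(expr: str) -> str:
    """Return expr unchanged if it is safe to pass to sympify(); raise otherwise."""
    if len(expr) > MAX_LENGTH:
        raise UnsafeExpression("expression too long")
    try:
        tree = ast.parse(expr, mode="eval")  # expression grammar only, no statements
    except (SyntaxError, ValueError) as exc:
        raise UnsafeExpression(f"not a valid expression: {exc}") from None
    if sum(1 for _ in ast.walk(tree)) > MAX_NODES:
        raise UnsafeExpression("expression too complex")
    _check(tree)
    return expr


def is_safe(expr: str) -> bool:
    """Boolean wrapper around validate_expression()."""
    try:
        validate_expression(expr)
        return True
    except UnsafeExpression:
        return False


if __name__ == "__main__":
    # Constructed inputs: algebraic strings of the kind the skill docs show,
    # and the code-execution payload cited in the audit.
    for s in ["(x**2 - 1)/(x - 1)", "sin(x)**2 + cos(x)**2",
              "__import__('os').system('ls')", "x.__class__", "open('/etc/passwd')"]:
        print(f"{s!r}: {'ok' if is_safe(s) else 'REJECTED'}")
```

The validator is deliberately stricter than SymPy's parser: `^` is rejected as a bitwise operator, so a tool that relies on SymPy's `convert_xor` transformation would need to allow `ast.BitXor` or rewrite `^` to `**` before validation. The node cap limits, but does not eliminate, expensive-but-valid inputs such as towers of exponents; a wall-clock timeout around the SymPy call is still advisable.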
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:03 AM