Effect AI

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The 'calculatorTool' example utilizes a handler that calls 'evaluate(expression)'. This pattern is extremely dangerous as it allows for arbitrary code execution if the AI agent processes malicious expressions from a user or tool output.
  • [EXTERNAL_DOWNLOADS] (CRITICAL): Automated security scans identified the presence of 'Layer.su', a known malicious phishing domain. Its presence, likely hidden or obfuscated within the skill, indicates high risk and potential malicious intent.
  • [PROMPT_INJECTION] (HIGH): The skill demonstrates Indirect Prompt Injection vulnerabilities in the 'researchPlan' implementation. It ingests untrusted data from a search tool and interpolates it directly into a prompt ('Analyze these results: ${context.previousResults}') without boundary markers or sanitization. Capability inventory includes web search and expression evaluation, creating a high-severity capability tier.
  • [COMMAND_EXECUTION] (MEDIUM): The skill instructions encourage the installation of external packages from the '@effect' scope. These packages are not part of the verified trusted source list and should be audited independently before installation.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 16, 2026, 10:55 AM