MonteCarlo
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is susceptible to indirect prompt injection through its ingestion of external financial data.
  1. Ingestion points: 'Portfolio_Positions_.csv' and 'buy-ticket-.md'.
  2. Boundary markers: absent.
  3. Capability inventory: modification of 'dividend_margin_monte_carlo.py' and shell execution via 'uv run'.
  4. Sanitization: absent.
  An attacker controlling these files could inject instructions or code into the simulation logic.
- [REMOTE_CODE_EXECUTION] (HIGH): The AI is instructed to perform dynamic code modification followed by execution. Evidence: Steps in 'IncorporateBuyTicket.md' and 'RunSimulation.md' explicitly guide the AI to overwrite variables in a Python script with values from external files and then run that script. This allows malicious input to be executed as Python code.
- [COMMAND_EXECUTION] (MEDIUM): The skill utilizes shell commands like 'ls' and 'uv run' to manage files and trigger the simulation, which facilitates the execution of potentially injected code.
Recommendations
- AI detected serious security threats
Audit Metadata