incremental-python-programmer

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands to analyze the repository structure and run the pytest framework.
      • Evidence: python scripts/analyze_repo_structure.py <repo_path> and various pytest commands are documented in the workflow.
  • [REMOTE_CODE_EXECUTION]: The skill implements new Python functionality and executes it at runtime to verify its correctness.
      • Evidence: The workflow explicitly instructs the agent to implement a feature and then run pytest to execute that code.
  • [PROMPT_INJECTION]: The skill processes untrusted natural language descriptions and uses them to generate code that is subsequently executed, creating a surface for indirect prompt injection.
      • Ingestion points: Natural language feature descriptions and the content of files in the repository.
      • Boundary markers: No delimiters or specific safety instructions are used to distinguish the feature request from the system prompts.
      • Capability inventory: The skill has the ability to write Python files and execute them through a shell.
      • Sanitization: No sanitization or validation of the generated code is described before the testing phase begins.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 10:20 PM