metamorphic-property-extractor
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes local Python scripts (`scripts/property_extractor.py` and `scripts/verify_properties.py`) via the command line to process files and generate property mappings.
- [REMOTE_CODE_EXECUTION]: The core logic of the skill involves performing 'sample executions' of the target program (`function.py`). If this target program is provided by an untrusted source, the agent may inadvertently execute malicious code during the analysis phase.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the analysis of external code files.
  - Ingestion points: The `--program` argument accepts user-provided code files (e.g., `function.py`) for analysis.
  - Boundary markers: No specific boundary markers or 'ignore' instructions are visible in the provided workflow to prevent the model from obeying instructions hidden in code comments.
  - Capability inventory: The skill possesses file system access, local script execution capabilities, and the ability to execute the code it is analyzing.
  - Sanitization: There is no evidence of sanitization or sandboxing for the 'sample executions' mentioned in the workflow.
Audit Metadata