pyre-code-ml-practice
Warn
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The example code provided in the 'Adding a New Problem' section of
SKILL.mddemonstrates a grading mechanism using theexec()function:exec(submission_code, namespace). This function executes arbitrary Python code submitted to the grading service API, which could be exploited by a malicious user to perform unauthorized actions on the host system. - [EXTERNAL_DOWNLOADS]: The installation guide in
SKILL.mdinstructs users to clone an external repository (https://github.com/whwangovo/pyre-code.git) and run a shell script (setup.sh). This involves downloading and executing third-party code from a source outside of the skill's direct control.
Audit Metadata