math-hwpx
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/graph_generator.py` uses the `eval()` function to process mathematical expressions provided in the problem data.
  - File: `scripts/graph_generator.py`
  - Evidence: `y = eval(expr, {"__builtins__": {}, "np": np, "x": x, ...})`
  - Risk: Using `eval()` on strings derived from input data (like `problems.json`) is risky. Although the execution environment is restricted, sophisticated payloads can sometimes escape Python sandboxes to execute unauthorized code.
- [EXTERNAL_DOWNLOADS]: The skill requires several common Python libraries to be installed in the environment.
  - Packages: `matplotlib`, `numpy`, `scipy`, `lxml`
  - Context: These are well-known libraries used for graphing, numerical computation, and XML processing. The skill does not perform unauthorized network requests or download remote scripts during its execution.
Audit Metadata