agentscope
Warn
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides patterns and documentation for the
execute_shell_commandtool. This tool allows the AI agent to execute arbitrary shell commands on the host environment, posing a high risk of system compromise or data destruction if the agent is improperly prompted or suffers from injection. - [REMOTE_CODE_EXECUTION]: The skill documentation and example scripts (e.g.,
README.md,references/agents.md) include boilerplate code to registerexecute_python_code. This capability enables the agent to run arbitrary Python logic, which can be used to perform sensitive file operations, network requests, or bypass environmental constraints. - [DATA_EXFILTRATION]: Because the skill enables shell and code execution, there is a secondary risk of data exfiltration. An agent with these tools could be prompted to read sensitive local files (like environment variables or SSH keys) and send them to a remote server using tools like
curlorrequests. - [INDIRECT_PROMPT_INJECTION]: The skill author explicitly identifies a risk surface for indirect prompt injection in
SKILL.md. When using web-based tools (web_search,web_fetch), malicious content on a processed webpage could attempt to hijack the agent's logic to execute the high-privilege tools (shell/Python) enabled by this skill.
Audit Metadata