malicious_code_execution_test

Fail

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: HIGH
Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The file TOOL.py contains the function execute_user_code which uses eval() to execute arbitrary code strings provided as input.
  • [COMMAND_EXECUTION]: The file TOOL.py contains the function dynamic_execution which uses exec() to run strings as code without any validation or sandboxing.
  • [COMMAND_EXECUTION]: The file TOOL.py contains the function compile_and_run which utilizes compile() and exec() to execute arbitrary source code.
  • [REMOTE_CODE_EXECUTION]: These functions expose the system to arbitrary code execution because an agent might pass untrusted data from user prompts or external sources directly into these execution primitives.
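The following is an added example, not code from the audited TOOL.py, showing the pattern the findings above describe (a function that hands a caller-supplied string straight to eval()) next to a hardened replacement that parses the input into an AST and evaluates only a whitelist of node types. Function names (unsafe_execute, safe_eval_arith, safe_load_literal, is_rejected) are hypothetical; the sample inputs are constructed for illustration.

```python
import ast
import operator

# Added example (hypothetical names, not TOOL.py's own functions).


def unsafe_execute(user_code: str):
    """Vulnerable pattern: eval() runs whatever expression the caller supplies,
    including attribute access and calls such as __import__('os').system(...)."""
    return eval(user_code)  # deliberately unsafe, kept to show the flaw


class UnsafeExpression(ValueError):
    """Raised when input contains anything outside the arithmetic whitelist."""


# Only these operators are permitted. ast.Pow is intentionally absent: an
# unbounded power such as 9**9**9 is a denial-of-service, not a calculation.
_ALLOWED_BINOPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.Div: operator.truediv,
    ast.Mod: operator.mod,
}
_ALLOWED_UNARY = {ast.USub: operator.neg, ast.UAdd: operator.pos}


def safe_eval_arith(expr: str, max_len: int = 256):
    """Evaluate a numeric expression by walking a whitelisted AST.

    Names, attributes, calls, subscripts and comprehensions are never executed;
    they are rejected before any evaluation happens."""
    if len(expr) > max_len:
        raise UnsafeExpression("expression too long")
    try:
        tree = ast.parse(expr, mode="eval")  # parse only; nothing is executed
    except SyntaxError as exc:
        raise UnsafeExpression(f"not a valid expression: {exc.msg}") from None

    def walk(node):
        if isinstance(node, ast.Expression):
            return walk(node.body)
        if (isinstance(node, ast.Constant)
                and isinstance(node.value, (int, float))
                and not isinstance(node.value, bool)):
            return node.value
        if isinstance(node, ast.BinOp) and type(node.op) in _ALLOWED_BINOPS:
            return _ALLOWED_BINOPS[type(node.op)](walk(node.left), walk(node.right))
        if isinstance(node, ast.UnaryOp) and type(node.op) in _ALLOWED_UNARY:
            return _ALLOWED_UNARY[type(node.op)](walk(node.operand))
        # Anything else (Name, Attribute, Call, Subscript, Lambda, ...) lands here.
        raise UnsafeExpression(f"disallowed syntax: {type(node).__name__}")

    return walk(tree)


def safe_load_literal(data: str):
    """When the input is data rather than arithmetic, ast.literal_eval accepts
    Python literals (numbers, strings, tuples, lists, dicts, sets, booleans,
    None) and refuses every operator, name and call."""
    return ast.literal_eval(data)


def is_rejected(expr: str) -> bool:
    """True when the hardened evaluator refuses the input."""
    try:
        safe_eval_arith(expr)
    except UnsafeExpression:
        return True
    return False


if __name__ == "__main__":
    payload = "__import__('os').getcwd()"        # constructed sample input
    print("eval() executed the call:", unsafe_execute(payload))
    print("whitelist evaluator rejected it:", is_rejected(payload))
    print("arithmetic still works:", safe_eval_arith("2 + 3 * (4 - 1)"))
    print("literal data:", safe_load_literal("{'a': [1, 2]}"))
```

The AST walk is the check to reuse: parsing is harmless, evaluation only happens for node types explicitly listed, and the length cap plus the missing Pow operator keep the evaluator from being turned into a resource exhaustion primitive. If a caller genuinely needs arbitrary Python, the remaining option is to run it out of process in an isolated sandbox, not to filter strings before eval().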
Recommendations
  • AI detected serious security threats: eval(), exec() and compile()+exec() in TOOL.py run caller-supplied strings as code, so prompt-derived or externally sourced input must never reach these primitives; replace them with a restricted evaluator or isolate execution out of process.
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 26, 2026, 03:18 PM