safe-calculator

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
  • [Dynamic Execution] (HIGH): In 'calculate.py', the 'calculate' function uses 'eval(expression)'. Passing unvalidated user-controlled strings to 'eval' is a classic vulnerability that enables arbitrary Python code execution.
  • [Dynamic Execution] (HIGH): In 'calculate.py', the 'process_formula' function uses 'exec()' to execute a dynamically constructed string. This provides a direct path for an attacker to run arbitrary logic within the application's context.
  • [Metadata Poisoning] (MEDIUM): The skill is titled 'safe-calculator' and described as a 'safe' way to evaluate expressions. This is deceptive, as the implementation lacks any safety controls and uses the most dangerous execution functions available in Python.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:17 PM