beazley-deep-python

Fail

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [OBFUSCATION]: The skill header contains a hidden binary string encoded using zero-width characters (U+200B, U+200C, U+200D) between word-joiner delimiters (U+2060, U+200D, U+2060). This is a high-severity finding as it allows embedding invisible data or instructions within the skill that are hidden from human reviewers.
  • [DYNAMIC_EXECUTION]: The skill provides detailed patterns for advanced Python metaprogramming, including custom metaclasses and descriptors. While consistent with the David Beazley style, these features allow for dynamic modification of runtime behavior, which can be leveraged maliciously if applied to untrusted inputs.
  • [COMMAND_EXECUTION]: The code examples include direct file system operations (open) and network interactions (aiohttp), granting the agent capabilities to read local files and communicate with external servers.
  • [INDIRECT_PROMPT_INJECTION]: The skill defines data ingestion points through file reading and URL fetching without implementing sanitization or boundary markers. This creates a surface where external content can inject instructions that influence the agent's behavior.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 9, 2026, 10:05 AM