sympy
Warn
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Deserialization of objects using the 'pickle' module.
  - Evidence: The file 'references/code-generation-printing.md' demonstrates the use of 'pickle.load()' to restore saved SymPy expressions. This function is inherently insecure and can lead to arbitrary code execution if the input data is tampered with.
- [REMOTE_CODE_EXECUTION]: Runtime code compilation and execution using 'autowrap' and 'ufuncify'.
  - Evidence: 'references/code-generation-printing.md' includes instructions for compiling and wrapping C and Fortran code at runtime. This capability allows for the execution of dynamically generated binary code.
- [COMMAND_EXECUTION]: Conversion of symbolic expressions into executable code functions.
  - Evidence: The 'lambdify' and 'codegen' utilities in 'references/code-generation-printing.md' generate executable Python, C, or Fortran code from mathematical strings, creating potential vectors for code injection if input is not strictly validated.
- [PROMPT_INJECTION]: Attack surface for processing untrusted mathematical strings through various parsers.
  - Ingestion points: 'parse_expr', 'parse_latex', and 'parse_mathematica' functions in 'references/code-generation-printing.md'.
  - Boundary markers: No delimiters or explicit warnings to the agent are implemented to isolate user-provided mathematical strings.
  - Capability inventory: The skill has extensive capabilities including file writing, code generation, and runtime compilation.
  - Sanitization: Although the documentation acknowledges that 'parsing user input' requires validation, no specific implementation logic is provided within the skill to prevent injection attacks.
Audit Metadata