crewai-agents
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- Dynamic Execution (MEDIUM): The 'CalculatorTool' example in the 'Custom Tools' section uses the Python 'eval()' function on the 'expression' argument. This allows for arbitrary code execution if the input provided by the agent (which may be influenced by external data) is not strictly validated.
- Unverifiable Dependencies (MEDIUM): The skill instructs the installation of 'crewai' and 'crewai[tools]' using pip. These are external packages from a public registry (PyPI) and are not from the defined list of trusted sources.
- Indirect Prompt Injection (LOW): The skill design relies on ingesting external, untrusted data via tools like 'ScrapeWebsiteTool', 'FileReadTool', and 'PDFSearchTool'.
  - Ingestion points: SKILL.md (via ScrapeWebsiteTool, FileReadTool, and PDFSearchTool references).
  - Boundary markers: Absent. There are no delimiters or instructions to ignore embedded commands in the processed data.
  - Capability inventory: Subprocess execution (via pip install), arbitrary code execution (via the eval-based CalculatorTool example), network access (via web scraping and search tools), and file system access (via FileReadTool).
  - Sanitization: Absent. No evidence of input validation or sanitization before passing data to the LLM or tool execution functions.
Audit Metadata