pep8
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
EXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill recommends installing standard Python linting and type-checking tools (`ruff`, `pycodestyle`, `mypy`). These are industry-standard packages from the Python Package Index (PyPI) and are considered trustworthy.
- [INDIRECT_PROMPT_INJECTION] (SAFE): The skill is designed to process user-provided Python code to check for style compliance. While this involves untrusted data ingestion, there is no evidence of unsafe execution (eval/exec) or capability exposure that would allow for an injection attack. Evidence:
  - Ingestion point: Code provided by the user for style review.
  - Boundary markers: The skill provides clear structural examples for code, which helps differentiate code from instructions.
  - Capability inventory: The skill only provides documentation and references to external command-line tools; it does not contain scripts that execute user input.
  - Sanitization: Not applicable as no execution occurs within the skill itself.
- [MALICIOUS URL ALERT] (SAFE): An automated scan flagged `logger.info` as a malicious URL. This is a false positive; `logger.info` is a method call in the Python logging module and is used here correctly in a documentation example regarding lazy string interpolation.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata