python-pro
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to process untrusted external codebases, which creates a critical attack surface for malicious instructions hidden within comments or metadata to hijack the agent's behavior.
- Ingestion points: The 'Analyze codebase' step in
SKILL.mdis the primary entry point for untrusted data into the agent's context. - Boundary markers: Absent. The instructions do not define delimiters or provide warnings to the agent to disregard natural language instructions found within the code being reviewed.
- Capability inventory: The skill grants the agent the authority to implement code changes and execute validation suites (
pytest) and linting tools (mypy,ruff,black), which are high-privilege side effects when performed on unverified input. - Sanitization: Absent. There is no requirement to sanitize, escape, or validate the codebase content before it influences the agent's reasoning or code generation.
- [Command Execution] (MEDIUM): The skill explicitly directs the agent to execute shell commands for testing and validation (
pytest,mypy,black,ruff). Running these tools on potentially malicious codebases without isolation or sandboxing instructions poses a security risk. - [No Code] (SAFE): The analyzed skill package consists entirely of markdown instructions and metadata in
SKILL.md, containing no executable scripts, binaries, or configuration-level vulnerabilities.
Recommendations
- AI detected serious security threats
Audit Metadata