uloop-execute-dynamic-code
Warn
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the terminal to execute C# code via a CLI tool: uloop execute-dynamic-code --code '<code>'. This allows the agent to run arbitrary shell commands with strings it constructs at runtime.
- [REMOTE_CODE_EXECUTION]: The core functionality of the skill is to write and execute code dynamically. While the instructions list 'Forbidden' namespaces like System.IO.*, these restrictions are likely implemented as simple string-based blacklists at the tool level, which can often be bypassed using reflection or alternative C# namespaces.
- [PROMPT_INJECTION]: The skill ingests untrusted user input via the $ARGUMENTS placeholder. There are no boundary markers or instructions to treat this input as data rather than instructions, creating a surface for indirect prompt injection where a user could trick the agent into generating malicious C# code that exfiltrates project data or modifies the host system.
Audit Metadata