pydantic-ai

Fail

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The calculate tool in the 'Basic Tools' section passes the expression argument supplied by the LLM to Python's built-in eval(). Because the model's output can be steered by untrusted user input, a prompt injection could make the model emit an expression that reaches Python's built-in functions and runs arbitrary system commands.
  • [REMOTE_CODE_EXECUTION]: The calculation tool dynamically executes code strings generated by the model, so instructions arriving from a remote source can result in code execution on the host running the agent.
  • [EXTERNAL_DOWNLOADS]: The skill documentation instructs the user to install the pydantic-ai package with pip install. This is the framework's legitimate library, but it is still an external dependency whose supply-chain integrity should be vetted before use in production.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 15, 2026, 11:09 AM