claude-api
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The `calculatorTool` in `templates/tool-use-advanced.ts` uses the JavaScript `eval()` function to evaluate mathematical expressions provided by the AI.
  - Evidence: `const result = eval(input.expression);` within the `run` method of the `calculatorTool` definition.
  - Risk: Although the code includes a comment warning about the dangers of `eval()`, providing it in a functional template makes it highly likely to be adopted in production. Since the AI generates the `expression` input based on user prompts, an attacker could use indirect prompt injection to execute arbitrary code on the agent's host system.
- PROMPT_INJECTION (LOW): The skill demonstrates a vulnerability to indirect prompt injection by exposing high-privilege capabilities to untrusted data without sanitization.
  - Ingestion points: The `expression` property in the `calculatorTool` input schema (`templates/tool-use-advanced.ts`).
  - Boundary markers: Absent; the templates do not implement delimiters or 'ignore' instructions for the tool inputs.
  - Capability inventory: Host-level JavaScript execution via the `eval()` call in `templates/tool-use-advanced.ts`.
  - Sanitization: Absent; the template relies on a code comment rather than implementing a safe mathematical parser or input validation.
Recommendations
- AI detected serious security threats
Audit Metadata