python-type-hints-converter
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHNO_CODEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill's primary function is to ingest and modify untrusted data (Python source code). This creates a Tier 2 attack surface where malicious comments or code patterns in the analyzed project could serve as an indirect prompt injection, potentially tricking the agent into performing unintended file modifications or data exposure.
- [No Implementation Code] (LOW): The provided files (
SKILL.mdandskill.yaml) contain only metadata and documentation. The actual scripts or logic responsible for the 'Automated analysis' and 'Integration with standard Python tooling' are not present, preventing a complete assessment of how user input and project data are handled. - [Command Execution] (MEDIUM): The skill metadata indicates it integrates with standard Python tools. If the agent invokes CLI tools (e.g., mypy, autotyping, or monkeytype) against a user-specified path without strict validation, it could be vulnerable to argument injection or, in the case of tools that execute code for type inference, arbitrary local code execution.
Recommendations
- AI detected serious security threats
Audit Metadata