sympy
Warn
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documents the use of 'lambdify' and 'autowrap' (found in 'SKILL.md' and 'references/code-generation-printing.md'), which generate and execute code at runtime. 'lambdify' creates Python functions from symbolic expressions, while 'autowrap' compiles C/Fortran source code and dynamically loads the resulting binary. These mechanisms can be exploited for arbitrary code execution if inputs are not strictly controlled.
- [COMMAND_EXECUTION]: As described in 'references/code-generation-printing.md', 'autowrap' and 'ufuncify' trigger the execution of system compilers to build binary extensions at runtime during the agent session.
- [REMOTE_CODE_EXECUTION]: The documentation in 'references/code-generation-printing.md' includes an example of using 'pickle.load()' for restoring saved expressions. This method is inherently insecure and can be exploited for arbitrary code execution when handling data from untrusted sources.
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection through its mathematical parsing utilities.
  - Ingestion points: The 'parse_expr', 'parse_latex', and 'parse_mathematica' functions in 'references/code-generation-printing.md' ingest external string data for conversion into symbolic expressions.
  - Boundary markers: No explicit boundary markers or 'ignore' instructions are used in the provided examples.
  - Capability inventory: The skill utilizes 'lambdify', 'codegen', and 'autowrap' for dynamic code generation/execution and 'evalf' for numerical evaluation.
  - Sanitization: No active sanitization or validation logic is implemented in the provided snippets, although the risks are acknowledged in the text notes.
- [SAFE]: The skill includes a reference to K-Dense Web (k-dense.ai), which is a vendor resource managed by the authoring organization, K-Dense Inc.
Audit Metadata