sympy

Warn

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: pickle.load() is documented in references/code-generation-printing.md for deserializing SymPy expressions from files. pickle reconstructs objects by calling whatever callables the stream names, so loading a file from an untrusted source is arbitrary code execution, not merely a malformed-data risk.
  • [REMOTE_CODE_EXECUTION]: The skill documents autowrap, ufuncify, and lambdify for generating and executing code at runtime. autowrap compiles C or Fortran code and loads the result into the Python process, and lambdify builds a Python function from generated source; both are a code-execution risk when the symbolic expressions are derived from untrusted user input. Evidence in references/code-generation-printing.md.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface through parse_expr, parse_latex, and parse_mathematica, which convert strings into SymPy objects (parse_expr is implemented on top of eval, and SymPy's own documentation warns against calling it on unsanitized input). Evidence chain:
    • Ingestion points: the string parsing functions in references/code-generation-printing.md.
    • Boundary markers: not present in the provided documentation examples.
    • Capability inventory: subprocess compilation (autowrap), dynamic execution (lambdify), and file system writes (open) in references/code-generation-printing.md.
    • Sanitization: the documentation says user input must be "validate[d] and sanitize[d]" but gives no implementation example.
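As an added example (not code from the skill, its references, or the SymPy project), the Python below puts concrete guards behind the two findings above: a pickle loader that refuses any global outside an explicit allowlist, and a token allowlist applied to a string before it reaches the eval-based parser. The sympy class entries in the allowlist and the parse_untrusted() wrapper are assumptions about what an application that serializes simple expressions would need; the runnable demonstration uses plain Python objects so it works without sympy installed, and the rigged payload only reads the process id, which is enough to show that unpickling hands control to the stream.

```python
"""Guards for the two findings above. Added example; the sympy allowlist
entries and parse_untrusted() are assumptions about an application's needs."""
import io
import keyword
import os
import pickle
import re
import tokenize

# --- Finding 1: pickle.load() on untrusted bytes is code execution ---------

class Rigged:
    """Constructed payload. Unpickling it calls eval() with an attacker-chosen
    string; here the string only reads the PID, to show control of execution
    without side effects."""
    def __reduce__(self):
        return (eval, ("__import__('os').getpid()",))

def malicious_pickle() -> bytes:
    return pickle.dumps(Rigged())

def benign_pickle() -> bytes:
    # Constructed sample: only container/number opcodes, no global lookups.
    return pickle.dumps({"coeffs": [1, 2, 3]})

def unsafe_loads(data: bytes):
    # pickle.loads() imports and calls whatever the GLOBAL/REDUCE opcodes name.
    return pickle.loads(data)

def demo_rce() -> bool:
    """True if the rigged stream executed eval() inside this process."""
    return unsafe_loads(malicious_pickle()) == os.getpid()

# Exact (module, name) pairs. The sympy entries are an assumption about the
# classes an application serializes; extend them one by one, never with a
# prefix match: sympy.sympify evaluates strings and would be a gadget if an
# allowlist like "sympy.*" made it reachable.
ALLOWED_GLOBALS = {
    ("sympy.core.symbol", "Symbol"),
    ("sympy.core.numbers", "Integer"),
    ("sympy.core.numbers", "Rational"),
    ("sympy.core.add", "Add"),
    ("sympy.core.mul", "Mul"),
    ("sympy.core.power", "Pow"),
}

class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing global {module}.{name}")

def safe_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()

def loads_or_refuse(data: bytes):
    """Return ("ok", obj) or ("refused", reason) instead of raising."""
    try:
        return ("ok", safe_loads(data))
    except pickle.UnpicklingError as exc:
        return ("refused", str(exc))

# --- Finding 2: allowlist the grammar before parse_expr ---------------------

ALLOWED_OPS = {"+", "-", "*", "/", "**", "^", "(", ")", ","}
IDENT = re.compile(r"^[A-Za-z][A-Za-z0-9]*$")  # no underscores, so no dunders
MAX_LEN = 512

def is_safe_math(text: str) -> bool:
    """Accept only numbers, plain identifiers, arithmetic operators and
    parentheses. Attribute access, subscripts, string literals, keywords and
    dunder names are rejected before the string can reach eval()."""
    text = text.strip()
    if not text or len(text) > MAX_LEN:
        return False
    try:
        toks = list(tokenize.generate_tokens(io.StringIO(text).readline))
    except (tokenize.TokenError, SyntaxError):
        return False
    for tok in toks:
        if tok.type == tokenize.NUMBER:
            continue
        if tok.type == tokenize.NAME:
            if IDENT.match(tok.string) and not keyword.iskeyword(tok.string):
                continue
            return False
        if tok.type == tokenize.OP:
            if tok.string in ALLOWED_OPS:
                continue
            return False
        if tok.type in (tokenize.NEWLINE, tokenize.NL, tokenize.ENDMARKER):
            continue
        return False  # STRING, COMMENT, INDENT, ERRORTOKEN, ...
    return True

def parse_untrusted(text: str):
    """Validate first, then hand the string to SymPy's parser (imported lazily
    so the guards above run without sympy installed)."""
    if not is_safe_math(text):
        raise ValueError("expression rejected by allowlist")
    from sympy.parsing.sympy_parser import parse_expr
    return parse_expr(text)
```

The token filter is a syntactic pre-check, not a sandbox: it keeps the input inside an arithmetic grammar but does not bound the cost of evaluating it, so the parse should still run in a worker with a time and memory limit, and the narrow class allowlist has to be updated whenever a new expression type is stored.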
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 9, 2026, 10:13 PM