ai-taking-actions

Warn

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill incorporates dspy.PythonInterpreter({}).execute(expression) to evaluate logic and math expressions. This pattern allows for the execution of arbitrary Python code defined in a string at runtime, which is a significant security risk if the input string is influenced by untrusted data.
  • [EXTERNAL_DOWNLOADS]: The documentation suggests installing additional tools using the command npx skills add lebsral/DSPy-Programming-not-prompting-LMs-skills --skill ai-do, which involves fetching and running external scripts from a remote repository.
  • [PROMPT_INJECTION]: The agents described in the skill are designed to take direct user input and use it to drive tool-calling and code-generation logic, creating a surface for indirect prompt injection.
    • Ingestion points: User-provided questions passed to the question parameter in the agent() or forward() methods.
    • Boundary markers: None explicitly provided in the core implementation examples; however, the skill suggests using dspy.Assert for post-execution checks.
    • Capability inventory: Network access (via requests and ColBERTv2) and arbitrary Python execution (via PythonInterpreter).
    • Sanitization: No input validation or output sanitization is shown before results are passed to tools or executed.
  • [DATA_EXFILTRATION]: The skill provides examples that perform network requests to an external IP address (http://20.102.90.50:2017) and the wttr.in service. These represent potential points for data egress from the agent's environment.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 1, 2026, 12:59 PM