tooling

Audit result: Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): Recommends installing and using 'pyscn', which the audit does not recognize as a verified Python development tool. Recommending unverified third-party dependencies in a guide written for automated agents can facilitate supply chain attacks, because the agent will install whatever the guide names without a human checking the package's provenance.
  • [REMOTE_CODE_EXECUTION] (HIGH): Instructs the agent to run 'pytest', which executes arbitrary Python code found in the test files (and in any conftest.py, which pytest imports during collection before a single test runs). This is a direct path to remote code execution if the agent is told to run the tests of a repository containing malicious content.
  • [COMMAND_EXECUTION] (HIGH): Commands such as 'uv pip install' and 'pyscn analyze' spawn subprocesses and install packages. If the environment or the project configuration is compromised (for example a crafted pyproject.toml or a malicious dependency), these actions can be used to execute attacker-controlled payloads.
  • [PROMPT_INJECTION] (HIGH): Category 8 Indirect Prompt Injection. The skill ingests untrusted project files (**/*.py, pyproject.toml) and gives the agent tools with execution capabilities (pytest, uv) without any boundary markers or sanitization logic. Mandatory evidence: (1) Ingestion points: local .py and .toml files matched via globs; (2) Boundary markers: absent; (3) Capability inventory: pytest (code execution), uv (package installation), ruff (file modification), pyscn (unverified execution); (4) Sanitization: absent. Together these allow instructions embedded in the analyzed code to hijack the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 12:47 PM