python-coder

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is designed to process untrusted Python code and interact with external URLs, creating a high-risk injection surface.
    1. Ingestion points: File reading via the 'Read' tool and network data via 'aiohttp' examples.
    2. Boundary markers: Absent.
    3. Capability inventory: Tools include 'Bash', 'Write', and 'Edit'.
    4. Sanitization: Absent.
  • Command Execution (LOW): The skill provides instructions for running system-level commands through 'uv' and 'Bash'. While intended for development, these tools grant the agent extensive control over the local environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 12:07 PM