custom-indicator
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to generate and execute Python scripts using Numba's @njit decorator, which compiles Python code into machine code at runtime. This dynamic execution of agent-generated code represents an attack surface if the code generation logic is manipulated.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the user-provided indicator name argument.
  - Ingestion points: The {indicator_name} variable is derived directly from user input ($0).
  - Boundary markers: Absent. The indicator name is directly interpolated into file paths and Python source code without delimiters or safety warnings.
  - Capability inventory: The skill possesses Write, Edit, and Bash permissions, allowing it to create, modify, and execute files on the local filesystem.
  - Sanitization: Absent. There is no logic to sanitize the indicator_name, which could allow for path traversal (e.g., using ../../) or Python code injection if the name contains executable characters.
Audit Metadata