code-transfer
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Full Analysis
- Automated Alert Verification (SAFE): The automated scan flagged `logger.info` as a malicious URL. Manual analysis confirms this is a false positive; `logger.info` is a standard Python logging method used as a code example in the documentation, not a network resource.
- File System Operations (SAFE): The `line_insert.py` script includes path validation using `.resolve()` and a check for directory traversal patterns (`..`) to ensure file modifications remain within intended directories.
- Command Execution (SAFE): The skill utilizes local scripts for its operations. There are no attempts to download or execute remote code, and no use of `sudo` or other privilege escalation techniques.
- Indirect Prompt Injection (LOW): As a code-transfer tool, the skill naturally ingests and writes arbitrary code snippets. While this creates a surface for indirect prompt injection if an attacker controls the source code being moved, the skill is intended for this purpose and includes basic safety checks on the destination paths.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata