Analyzing AgentScope Library

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • Unverifiable Dependencies (MEDIUM): The skill instructs the agent to clone the repository https://github.com/agentscope-ai/agentscope and install the Python package agentscope. While it prompts for user permission, the agentscope-ai organization is not on the predefined Trusted GitHub Organizations list.
      ◦ Evidence: git clone -b main https://github.com/agentscope-ai/agentscope and pip install agentscope.
  • Indirect Prompt Injection (LOW): The skill reads arbitrary file content from a cloned external repository via cat and ls commands. This creates a surface where an attacker-controlled repository could inject instructions into the agent's context.
      ◦ Ingestion points: File reads in the docs/tutorials and examples folders.
      ◦ Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present when reading external files.
      ◦ Capability inventory: The skill can execute shell commands (git, pip, ls, cat) and run Python scripts (view_agentscope_module.py).
      ◦ Sanitization: No evidence of sanitization or filtering of the content retrieved from the repository.
  • Command Execution (LOW): The skill executes a local Python script, view_agentscope_module.py, and various shell utilities. While these are part of the intended functionality, they represent a capability that could be abused if combined with malicious input.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:21 PM