python-quality-tooling
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill instructs the agent to execute commands such as `uv run pytest` and `prek run -a`. Since `pytest` automatically executes Python code found in test files, an attacker can achieve arbitrary code execution by placing malicious code in the repository being analyzed.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill recommends installing `prek` via `uv tool install prek`. This tool is not from a verified or trusted source, posing a supply-chain risk.
- [PROMPT_INJECTION] (HIGH): This skill is highly susceptible to Indirect Prompt Injection (Category 8).
  - Ingestion points: Reads and processes the entire Python codebase, including source files and tests.
  - Boundary markers: None are specified; the tools interact directly with raw file content.
  - Capability inventory: Possesses the ability to execute subprocesses (`ruff`, `pytest`, `prek`) and modify local files (`ruff --fix`).
  - Sanitization: No sanitization or safety checks are performed on the repository content before execution.
- [REMOTE_CODE_EXECUTION] (HIGH): The combined risk of running a tester (`pytest`) on untrusted code and executing an untrusted third-party binary (`prek`) facilitates remote code execution on the environment where the agent operates.
Recommendations
- AI detected serious security threats
Audit Metadata