dspy-simba-optimizer

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [Dynamic Execution] (MEDIUM): The calculate tool uses dspy.PythonInterpreter().execute(expr) to execute Python code at runtime. Although presented as a utility for the agent, executing code generated by an LLM based on user input is a significant security surface that can lead to command injection if the interpreter is not perfectly sandboxed.
  • [Network Operations] (LOW): The search tool performs network requests to a hardcoded IP address (http://20.102.90.50:2017). Use of IP-based URLs instead of registered domains is a common characteristic of development environments but can also be used to bypass simple domain-based filtering.
  • [Indirect Prompt Injection] (LOW): The skill implements a ResearchAgent that ingests untrusted data from both user questions and external search results.
      • Ingestion points: ResearchAgent.forward (input question) and the search function (retrieved text).
      • Boundary markers: None identified in the prompt interpolation logic.
      • Capability inventory: Code execution via the calculate tool and network access via the search tool.
      • Sanitization: No evidence of input sanitization or output validation.
  • [Scanner False Positive] (SAFE): The automated scanner alert for logger.info is a false positive; it incorrectly identified a standard Python logging method as a malicious URL.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 17, 2026, 06:20 PM