streamlit-app
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill directs the agent to create Python scripts and modify configuration files to register them for execution, providing a mechanism for arbitrary code deployment on the host.
- DATA_EXFILTRATION (HIGH): The skill provides tools for direct database access and environment configurations. When combined with the mentioned HTTP request capabilities, this allows the agent to potentially query sensitive internal data and exfiltrate it.
- COMMAND_EXECUTION (HIGH): The documentation includes specific shell commands for running the environment and the generated code, facilitating local execution of agent-created scripts.
- PROMPT_INJECTION (HIGH): Category 8: The skill creates an attack surface where apps process untrusted external data (e.g., via
grapher_chart_from_urlin SKILL.md) without sanitization or boundary markers, while maintaining high-privilege capabilities like database access and file modification.
Recommendations
- AI detected serious security threats
Audit Metadata