math
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes the Bash tool to run local Python scripts stored in the project's `.claude/scripts` directory. This is the intended purpose of the skill and follows standard practice for executing specialized computation tools.
- [PROMPT_INJECTION] (LOW): The skill contains an indirect prompt injection surface (Category 8).
  - Ingestion points: The skill accepts natural language requests from users (e.g., equations or unit conversion strings) through triggers like 'calculate' and 'solve'.
  - Boundary markers: The skill documentation provides examples of direct interpolation into shell command arguments (e.g., `solve "x**2 - 5*x + 6"`) but lacks instructions for the agent to sanitize or validate these strings, nor does it define explicit boundary markers to prevent command breakout.
  - Capability inventory: The skill enables the `Bash` tool, which could be abused if an attacker provides a math string containing shell metacharacters (e.g., backticks or semicolons) designed to escape the command quotes.
  - Sanitization: No input validation, escaping, or filtering logic is mentioned in the skill definition.
Audit Metadata