numerical-integration
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using the
uvtool to run Python scripts. This includes inline Python snippets usingpython -cand a local scriptscripts/sympy_compute.pymanaged byruntime.harness. While these are functional for math problem-solving, they involve direct interaction with the host shell. - [PROMPT_INJECTION]: An indirect prompt injection surface is present in the
Sympy_Integratetool command. The command structureuv run python -m runtime.harness scripts/sympy_compute.py integrate "{expression}"interpolates user-provided mathematical functions into a shell command. - Ingestion points: User-provided expressions for integration (e.g., "f(x)") in
SKILL.md. - Boundary markers: Expressions are enclosed in double quotes, which can be bypassed if the input contains shell metacharacters.
- Capability inventory: The skill has access to the
Bashtool anduvexecution environment. - Sanitization: No explicit sanitization or validation of the math expression is mentioned in the instructions, relying on the underlying agent or script to handle escaping.
Audit Metadata