second-order-odes
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
Bashtool to execute Python code viauv run. It calls a local scriptscripts/sympy_compute.pyand runs inline snippets usingscipy.integrate. These commands are used to solve mathematical problems based on user input.- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection. User-provided mathematical expressions are interpolated into shell commands (e.g.,scripts/sympy_compute.py solve "[USER_INPUT]"). There are no boundary markers or sanitization steps defined to prevent a malicious user from escaping the string quotes to execute arbitrary shell commands.
Audit Metadata