shapely-compute
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION] (SAFE): No instructions designed to override agent behavior, extract system prompts, or bypass safety filters were identified.
- [DATA_EXFILTRATION] (SAFE): No network operations (curl, wget, fetch) or access to sensitive local files (~/.ssh, .env) were found. The skill operates exclusively on geometric input provided by the user.
- [REMOTE_CODE_EXECUTION] (SAFE): The skill uses
uv run pythonto execute a local script. There are no patterns involving the download and execution of remote scripts or unverified third-party packages. - [OBFUSCATION] (SAFE): All content is in plain text. No Base64 encoding, zero-width characters, or homoglyph-based evasion techniques were detected.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted user input (WKT strings and coordinate lists) and passes them to a subprocess via command-line arguments.
- Ingestion points: Arguments such as
--coords,--geom,--g1, and--g2inscripts/shapely_compute.pycalls. - Boundary markers: Absent; inputs are passed directly as strings.
- Capability inventory: Execution of a local Python script via
uv run. - Sanitization: Not explicitly visible in the skill markdown; relies on the internal implementation of
scripts/shapely_compute.pyand the Shapely library's parser.
Audit Metadata