python-expert
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8) as it is designed to analyze external, untrusted Python code.\n
- Ingestion points: Python source code, docstrings, and comments provided by users for review, debugging, or refactoring (SKILL.md).\n
- Boundary markers: Absent. The instructions do not define delimiters or provide warnings to the agent to disregard instructions within the code being analyzed.\n
- Capability inventory: The skill allows access to
WriteandBash(python:*)tools, enabling filesystem modification and arbitrary code execution.\n - Sanitization: Absent. There is no mechanism to sanitize or validate the external content before it is processed by the LLM.\n- COMMAND_EXECUTION (MEDIUM): Allowing the
Bash(python:*)tool provides a direct vector for code execution. While intended for legitimate debugging, it can be abused if the agent's logic is manipulated through instructions injected via code comments or strings.
Recommendations
- AI detected serious security threats
Audit Metadata