code-injection

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • PROMPT_INJECTION (SAFE): The skill contains many examples of prompt injection and code execution payloads (e.g., __import__('os').system('id'), DROP TABLE users). However, these are explicitly presented as test data for a security auditing tool and are not intended to be executed against the host or user environment.
  • UNVERIFIABLE_DEPENDENCIES (SAFE): No external package managers (npm, pip) or remote script downloads were detected. The Python script uses only standard libraries (re, typing, dataclasses).
  • DATA_EXFILTRATION (SAFE): While the skill mentions exfiltration vectors in its documentation (e.g., http_post to attacker.com), the actual implementation scripts do not contain network-outbound code or hardcoded credentials.
  • COMMAND_EXECUTION (SAFE): The scripts/test-code-injection.py file includes strings containing OS commands for testing purposes, but it does not invoke them using subprocess or os.system on the host machine; it only passes them as prompts to a model for validation.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:38 PM