land-assembly-expert
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- REMOTE_CODE_EXECUTION (MEDIUM): The skill modules (budgeting.py, phasing.py) and the main script (land_assembly_calculator.py) use `sys.path.insert(0, ...)` to dynamically include a directory located four levels above the skill's installation path (../../../../Shared_Utils). This pattern of dynamic loading from computed paths is risky; an attacker who can place files in that relative path on the host system could achieve local code execution when the calculator is run.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection (Category 8). It ingests untrusted data from a JSON file and interpolates fields like `project_name` and parcel `address` directly into Markdown reports. If these reports are subsequently read by another AI agent, malicious instructions embedded in the JSON could influence that agent's subsequent actions.
  - Ingestion points: `load_and_validate_input` in `validators.py` reads user-controlled JSON.
  - Boundary markers: Absent. Data is directly interpolated into Markdown strings in `output_formatters.py` and other modules.
  - Capability inventory: The script has file-write capabilities (`save_markdown_report`, `save_json_output`) and executes local imports based on path manipulation.
  - Sanitization: No sanitization or escaping is performed on the input data before it is written to the output reports.
Audit Metadata