python-pro

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION] (HIGH): The skill is designed to ingest and review external Python codebases and requirements (e.g., 'Writing or reviewing Python 3.12+ codebases'). It lacks explicit boundary markers or instructions to ignore instructions embedded in the code it processes. This creates a high risk if the agent reviews malicious code containing hidden instructions (e.g., in comments or docstrings) to exfiltrate data or perform unauthorized actions via its broad capabilities.
  • [DYNAMIC_EXECUTION] (MEDIUM): The skill explicitly masters 'metaprogramming and dynamic code generation' and 'plugin architectures'. While legitimate for advanced Python development, these patterns significantly increase the risk if the agent is influenced by malicious input to generate or execute dangerous dynamic code at runtime.
  • [COMMAND_EXECUTION] (MEDIUM): The skill covers system-level operations including 'multiprocessing', 'Docker containerization', and 'Kubernetes deployment'. If triggered by indirect injection, these capabilities provide a wide surface for local environment compromise or unauthorized cloud operations.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:25 AM