fix-types
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill uses the Bash tool to execute "uv run mypy", which is a standard development operation but involves shell access.
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it processes external data (source code and linter output) and has the capability to execute commands and modify files. An attacker could place malicious comments or code in a project that, when read by the agent, triggers harmful actions.
  - Ingestion points: Local Python source files and the stdout of the mypy command.
  - Boundary markers: None; code content and instructions are not delimited.
  - Capability inventory: Execution of shell commands via Bash and file system writes/modifications.
  - Sanitization: No automated sanitization or filtering is performed on the ingested content. The 'human-in-the-loop' approval step is the only mitigation provided.
Recommendations
- AI detected serious security threats
Audit Metadata