zeroize-audit
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill implements an automated pipeline where the '5-poc-generator' agent creates executable programs based on findings in the audited source code, which are then compiled and run by the '5b-poc-validator' agent. This represents a pattern of executing code generated from untrusted input.
- [COMMAND_EXECUTION]: The skill makes extensive use of the 'Bash' tool to orchestrate analysis scripts, run compilers like 'clang' and 'cargo', and execute the generated PoC binaries.
- [EXTERNAL_DOWNLOADS]: The skill utilizes 'uvx' to run the Serena MCP component, which involves fetching and running packages from external Python registries.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the audited codebase. Ingestion points: The skill reads C/C++/Rust source code from a user-provided path. Boundary markers: No delimiters or specific 'ignore embedded instructions' warnings are documented to protect the agent's logic from instructions within the audited code. Capability inventory: The agent has access to 'Bash', 'Task', and 'Write' tools, along with the ability to compile and execute generated code. Sanitization: No sanitization of the input source code is documented prior to its use in the code generation and execution phases.
Audit Metadata