monaco-payslip-calculator
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using direct variable interpolation (e.g., `python3 scripts/payslip_calculator.py --gross-salary <amount>`). If the user provides a malicious payload instead of a salary amount, it could lead to arbitrary command execution within the agent's environment.
- [COMMAND_EXECUTION]: The workflow employs dynamic code execution via `exec(open('scripts/payslip_calculator.py').read())` to load the calculation logic. While this loads a local script, dynamic execution patterns are inherently more difficult to monitor and secure than static imports.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of untrusted user data.
  - Ingestion points: User-supplied fields including `gross monthly salary`, `employee type`, and `employment status` from the primary interaction.
  - Boundary markers: The instructions lack boundary markers or delimiters (like XML tags or clear separators) to help the agent distinguish between user-provided data and the skill's operational instructions.
  - Capability inventory: The agent has extensive capabilities including `Bash` access, file modification (`Write`, `Edit`), and Python execution, which could be abused if an injection occurs.
  - Sanitization: There are no requirements or steps provided for the agent to sanitize, validate, or escape the user input before it is utilized in shell commands or Python logic.
Audit Metadata