context
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill implements a system to compile and execute JavaScript and Python code from natural language strings (e.g., guard_js, guard_py). This functionality allows for arbitrary code execution within the host environment.
- [COMMAND_EXECUTION] (HIGH): The skill metadata explicitly allows the read_file and write_file tools. When combined with dynamic execution, this allows an attacker to read sensitive data or write malicious files to the filesystem.
- [PROMPT_INJECTION] (HIGH): The skill converts untrusted natural language into executable code via the COMPILE_EXPRESSION mechanism. Evidence Chain: (1) Ingestion Points: source field in the COMPILE_EXPRESSION event; (2) Boundary Markers: Absent; (3) Capability Inventory: File system access (read_file, write_file) and code execution; (4) Sanitization: Absent.
- [DATA_EXFILTRATION] (MEDIUM): Utility functions like world.log and world.emit provide a path to leak data retrieved from the filesystem to the agent's output stream, from which it could then be exfiltrated.
Recommendations
- AI detected serious security threats
Audit Metadata