pyjail
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill provides explicit code snippets to execute shell commands through os.system(), which can be used to read sensitive files (e.g., 'cat flag.txt') or gain shell access via breakpoint().
- [PROMPT_INJECTION] (HIGH): The skill's stated purpose is to 'Escape Python sandbox restrictions' and bypass 'filtered input challenges,' which aligns with techniques used to override AI safety guardrails and ignore system constraints.
- [REMOTE_CODE_EXECUTION] (HIGH): It details multiple methods for arbitrary code execution using eval(), exec(), and sophisticated Python class hierarchy manipulation to regain access to blocked built-in functions.
- [OBFUSCATION] (MEDIUM): The skill teaches the agent how to use character encoding (chr()) and string concatenation to hide malicious intent from simple static keyword filters.
Recommendations
- AI detected serious security threats
Audit Metadata