qutip
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill processes mathematical expressions provided as strings (e.g., 'cos(w*t)') for time-dependent Hamiltonians in solvers like `sesolve` and `mesolve`. If an agent extracts these strings from untrusted sources (web scraping, user chat), it creates a vector for code injection during the runtime compilation phase.
  - Ingestion points: String arguments for Hamiltonian definitions in `references/time_evolution.md`.
  - Boundary markers: Absent; the skill does not suggest delimiters or 'ignore' instructions for mathematical input.
  - Capability inventory: Runtime compilation of strings into executable code via QuTiP's internal mechanisms.
  - Sanitization: Absent; no mention of validating or sanitizing mathematical strings before processing.
- [Remote Code Execution] (HIGH): The `Result.load()` function in `references/time_evolution.md` is likely based on Python's `pickle` module, which is inherently unsafe. An attacker could provide a malicious `.dat` file that executes arbitrary code when loaded by the agent.
- [Dynamic Execution] (MEDIUM): The skill emphasizes the use of 'string-based' time dependence for performance, which involves dynamic code generation and compilation at runtime.
- [External Downloads] (LOW): The skill recommends installing `qutip`, `qutip-qip`, and `qutip-qtrl`. While these are legitimate scientific libraries, they are not on the pre-approved 'Trusted Sources' list provided in the analysis framework.
Recommendations
- AI detected serious security threats
Audit Metadata