numpy-low-level
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill provides patterns for processing external binary data and files using memory-unsafe functions. If an agent applies these patterns to data from an untrusted source, it creates a vulnerability surface where malformed input could lead to memory-based attacks or system instability.
  - Ingestion points: `np.frombuffer` and `np.memmap` are used to load external content into memory in SKILL.md.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded content are present in the provided snippets.
  - Capability inventory: Use of `as_strided` and `ctypes.POINTER` allows direct memory access and potential corruption.
  - Sanitization: No input validation, shape checking, or stride verification is shown in the examples.
- Dynamic Execution (MEDIUM): The use of `numpy.lib.stride_tricks.as_strided` and `ctypes` allows an agent to bypass standard Python safety guards and directly manipulate raw memory.
  - Evidence: The skill encourages the use of `as_strided` for zero-copy views, which the NumPy documentation itself warns can lead to memory corruption or crashes if bounds are miscalculated.
  - Evidence: The use of `ctypes.data_as` exposes raw memory addresses for direct buffer manipulation.
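The two ingestion patterns the analysis flags, `np.frombuffer` on external bytes and `as_strided` zero-copy views, shown with the checks the audit says are missing: the declared record count is bounded and reconciled against the bytes actually present before `frombuffer` runs, and the byte span a strided view would touch is computed from shape, strides and itemsize and compared against the buffer before `as_strided` is called. This is an added example written for this page, not code from the audited skill or from NumPy; the 4-byte count-header wire format, the `MAX_RECORDS` cap, the sample blobs and the helper names are assumptions made for illustration.

```python
"""Hardened versions of the two ingestion patterns the audit flags:
np.frombuffer on untrusted bytes, and as_strided zero-copy views.
Added example for this audit page; not code from the audited skill.
"""
import struct
import numpy as np
from numpy.lib.stride_tricks import as_strided

MAX_RECORDS = 1_000_000  # hypothetical cap on attacker-controlled counts


def parse_blob(blob: bytes, dtype=np.dtype("<f4")) -> np.ndarray:
    """Parse a constructed wire format: u32 LE record count, then records.

    Untrusted-input checks that a bare np.frombuffer call lacks: the
    declared count is bounded and must match the bytes actually present.
    """
    if len(blob) < 4:
        raise ValueError("truncated header")
    (count,) = struct.unpack_from("<I", blob, 0)
    if count > MAX_RECORDS:
        raise ValueError(f"declared count {count} exceeds cap {MAX_RECORDS}")
    payload = blob[4:]
    if len(payload) != count * dtype.itemsize:
        raise ValueError(
            f"declared {count} records ({count * dtype.itemsize} bytes) "
            f"but {len(payload)} payload bytes present"
        )
    # frombuffer over a bytes object yields a read-only array; count pins it.
    return np.frombuffer(payload, dtype=dtype, count=count)


def view_byte_span(shape, strides, itemsize):
    """Lowest (inclusive) and highest (exclusive) byte offsets, relative to
    element 0, that a view with this shape/strides could touch. Negative
    strides walk backwards, so both bounds are tracked."""
    lo, hi = 0, itemsize
    for n, s in zip(shape, strides):
        if n <= 0:
            return 0, 0          # an empty view touches no memory
        span = (n - 1) * s
        if span >= 0:
            hi += span
        else:
            lo += span
    return lo, hi


def safe_as_strided(arr: np.ndarray, shape, strides) -> np.ndarray:
    """as_strided with the bounds check the audit says is missing."""
    if len(shape) != len(strides):
        raise ValueError("shape and strides must have the same rank")
    if not arr.flags.c_contiguous:
        raise ValueError("only C-contiguous inputs are supported")
    lo, hi = view_byte_span(shape, strides, arr.itemsize)
    if lo < 0 or hi > arr.nbytes:
        raise ValueError(
            f"view spans bytes [{lo}, {hi}) but buffer is {arr.nbytes} bytes"
        )
    # writeable=False: a miscomputed view can then only read, not corrupt.
    return as_strided(arr, shape=shape, strides=strides, writeable=False)


def sliding_windows(arr: np.ndarray, window: int) -> np.ndarray:
    """Zero-copy sliding windows over a 1-D array, via the checked wrapper."""
    if arr.ndim != 1 or window < 1 or window > arr.shape[0]:
        raise ValueError("window must be between 1 and len(arr)")
    s = arr.strides[0]
    return safe_as_strided(arr, (arr.shape[0] - window + 1, window), (s, s))


def demo():
    # Constructed sample input: header declaring 4 little-endian float32 records.
    good = struct.pack("<I", 4) + np.array([1, 2, 3, 4], "<f4").tobytes()
    # Same payload, but the header lies about the record count.
    lying = struct.pack("<I", 4000) + good[4:]
    rec = parse_blob(good)
    try:
        parse_blob(lying)
        lying_rejected = False
    except ValueError:
        lying_rejected = True
    data = np.arange(6, dtype=np.int64)          # 48-byte buffer
    win = sliding_windows(data, 3)               # in bounds: 4 windows of 3
    try:
        safe_as_strided(data, (10,), (8,))       # would read past byte 48
        oob_rejected = False
    except ValueError:
        oob_rejected = True
    return rec, lying_rejected, win, oob_rejected


if __name__ == "__main__":
    print(demo())
```

The span check is conservative: it measures against the array's own `nbytes`, so a view derived from an array that is itself a slice into a larger base will be rejected even where the surrounding memory happens to be valid; that is the right default when shape and strides come from outside the process.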
Audit Metadata