skills/udnisap/skills/maths/Gen Agent Trust Hub

maths

Warn

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill encourages an agent workflow that involves executing arbitrary Python code strings via 'python -c' and running scripts that take external strings as input. This provides a significant command execution capability that must be carefully managed.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The scripts 'scripts/sympy_solve.py' and 'scripts/sympy_integrate.py' use 'sympy.sympify()' on user-provided arguments. Because 'sympify' utilizes 'eval()' internally, it is vulnerable to arbitrary code execution if a malicious string (e.g., containing 'import') is passed to the script.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection. If an agent processes mathematical expressions from untrusted external sources, those expressions can trigger the code execution vulnerabilities mentioned above. Evidence Chain:
      1. Ingestion points: sys.argv[1] in 'scripts/sympy_solve.py' and 'scripts/sympy_integrate.py'
      2. Boundary markers: Absent
      3. Capability inventory: Arbitrary Python execution via sympy.sympify
      4. Sanitization: Absent
  • [COMMAND_EXECUTION] (LOW): The 'install-by-os.md' documentation instructs the user or agent to use 'sudo' for system-wide package installation. While necessary for environment setup, it requires high-privilege command execution.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 19, 2026, 10:53 AM