fiftyone-code-style

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill directs the agent to search and read content from an external repository (https://github.com/voxel51/fiftyone) to avoid redundant code. This creates a significant indirect prompt injection surface.
    ◦ Ingestion points: Remote search results from https://github.com/voxel51/fiftyone referenced in SKILL.md.
    ◦ Boundary markers: Absent. No instructions are provided to the agent to delimit or ignore instructions embedded in the external code it reads.
    ◦ Capability inventory: The agent is tasked with writing and implementing Python code based on this external content, which constitutes a high-privilege write capability.
    ◦ Sanitization: Absent. There is no validation or filtering of the content retrieved from the external repository.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill promotes the use of fou.ensure_package(), which functions as a runtime package manager to download and install third-party dependencies.
    ◦ Evidence: SKILL.md contains code examples using fou.lazy_import("open3d", callback=lambda: fou.ensure_package("open3d")) and fou.ensure_import("pycocotools").
  • [REMOTE_CODE_EXECUTION] (MEDIUM): By using ensure_package, the skill enables the download and subsequent execution (via import) of arbitrary code from external package registries at runtime.
    ◦ Evidence: The use of fou.lazy_import with an ensure_package callback in SKILL.md specifically triggers this behavior when the dependency is missing.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 12:49 PM