reviewing-python-libraries
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill instructs the agent to clone untrusted repositories and run pytest. Pytest automatically executes code found within the repository, such as conftest.py or test files, allowing a malicious repository to achieve arbitrary code execution in the agent's environment.
- EXTERNAL_DOWNLOADS (HIGH): The 'Quick Health Check' section suggests git clone https://github.com/user/package, which directs the agent to download content from untrusted, user-defined external sources without verification or integrity checks.
- COMMAND_EXECUTION (HIGH): The skill recommends using pip install on the library being reviewed. If the library is malicious, this can trigger arbitrary code execution during the installation process via setup.py or other build hooks.
- REMOTE_CODE_EXECUTION (HIGH): This skill has a high-risk attack surface for indirect prompt injection, as it processes and executes untrusted data. Mandatory evidence chain:
  1. Ingestion points: external git repositories via git clone (SKILL.md).
  2. Boundary markers: absent; there are no instructions to isolate the code or ignore embedded commands.
  3. Capability inventory: git clone, pytest (arbitrary execution), pip install (arbitrary execution) (SKILL.md).
  4. Sanitization: absent; the skill lacks any sandboxing or static-only analysis requirements before execution.
Recommendations
- AI detected serious security threats
Audit Metadata