hand-tracking-toolkit
Warn
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: MEDIUM
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill retrieves its core source code from the official Meta Facebook Research repository on GitHub. This is a trusted and well-known service, but trusting the host is not the same as verifying the content: unless the skill pins a specific commit or release, what gets fetched can change between installs.
- [COMMAND_EXECUTION]: The quick start and usage examples load prediction data with `pickle.load()`. This is a significant security risk: the pickle format is not safe against untrusted input, and a maliciously crafted `.pkl` file can execute arbitrary code during deserialization. Loading a prediction file is therefore equivalent to running code written by whoever produced the file.
- [COMMAND_EXECUTION]: Installation instructions include running `pip install -r requirements.txt`, which executes the build and installation scripts of the required Python dependencies. Pinning exact versions and hashes in the requirements file and installing with `pip install --require-hashes` limits this to reviewed artifacts.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by processing external files. Ingestion points: data is loaded from user-provided `.pkl` files and HOT3D sequence directories. Boundary markers: the skill does not wrap processed data in delimiters or warn the model to ignore instructions found in it. Capability inventory: the skill can perform file system operations and execute code through pickle deserialization. Sanitization: there is no evidence of input validation or sanitization for data loaded from external files.
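The following is an added example, not code from the hand-tracking toolkit or from this audit. It shows why the `pickle.load()` finding above matters and what a restricted loader looks like: a constructed `.pkl` payload whose `__reduce__` names a callable (a benign flag-setting function standing in for a real payload), the default `pickle.loads` that invokes it, and a `pickle.Unpickler` subclass whose `find_class` refuses every global not on an allow-list, so the payload is rejected before anything runs. The assumed shape of a prediction file (a plain dict of lists and numbers) is a placeholder; the toolkit's actual pickle schema is not on this page, and a real deployment would extend the allow-list to exactly the classes it needs or, better, move the data to a non-executable format such as JSON or `.npz`.

```python
import io
import pickle

# Records whether a pickle payload ran code on load (benign stand-in for a real payload).
EXECUTED = {"ran": False}


def side_effect():
    """Stand-in for attacker code; a real payload would call os.system or similar."""
    EXECUTED["ran"] = True
    return "payload ran"


def payload_executed() -> bool:
    return EXECUTED["ran"]


class Exploit:
    """Any object whose __reduce__ names a callable gets that callable invoked on load."""

    def __reduce__(self):
        return (side_effect, ())


def build_malicious_pickle() -> bytes:
    """Constructed sample: a .pkl that executes side_effect() when unpickled."""
    return pickle.dumps(Exploit())


def build_benign_pickle() -> bytes:
    """Constructed sample of the shape ASSUMED for a prediction file (plain containers only)."""
    return pickle.dumps({"hand_pose": [0.1, 0.2, 0.3], "frame": 42})


def unsafe_loads(data: bytes):
    """What the quick start does: pickle resolves and calls whatever global the file names."""
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """Resolve only an explicit allow-list of globals; everything else is refused before it runs.

    dict, list, tuple, str, int, float, bool, None and bytes are encoded as opcodes and never
    pass through find_class, so they need no entry. set/frozenset are named as globals only by
    pickle protocols below 4; OrderedDict is always named as a global.
    """

    ALLOWED = {
        ("builtins", "set"),
        ("builtins", "frozenset"),
        ("collections", "OrderedDict"),
    }

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve global {module}.{name}")


def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def load_prediction_blocked(data: bytes) -> bool:
    """True if the restricted loader refused the data without running anything."""
    try:
        restricted_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    print(restricted_loads(build_benign_pickle()))
    print("blocked:", load_prediction_blocked(build_malicious_pickle()))
    print("code ran after restricted load:", payload_executed())
    print(unsafe_loads(build_malicious_pickle()))
    print("code ran after pickle.loads:", payload_executed())
```

The restricted loader is a mitigation, not a proof of safety: anything on the allow-list is still constructed by the file, so keep the list to inert data types. It also does nothing about the prompt-injection finding, since strings inside a legitimately structured file still reach the model unchanged.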
Audit Metadata