e-checker
Warn
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: MEDIUM | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The `PluginManager` class in `scripts/src/echecker/plugins/manager.py` features a dynamic plugin discovery mechanism. Specifically, the `_discover_plugins_in_path` method searches for files matching the `*_plugin.py` pattern and executes them using `importlib.util.spec_from_file_location` and `spec.loader.exec_module`. This allows for the execution of arbitrary Python code found within the search paths.
- [PROMPT_INJECTION]: The skill architecture is vulnerable to indirect prompt injection through the processing of untrusted external data.
  - Ingestion points: Data enters the agent's context through `scripts/src/echecker/excel/provider.py` (reads Excel cell content) and `scripts/src/echecker/rules/v3_parser.py` (parses YAML rule files).
  - Boundary markers: Absent. There are no explicit instructions to the agent to disregard instructions potentially embedded within cell data or rule metadata.
  - Capability inventory: The skill can read from and write to the filesystem, including generating annotated Excel files and HTML reports via `scripts/src/echecker/excel/annotator.py` and `scripts/src/echecker/reports/html_reporter.py`.
  - Sanitization: Risk is mitigated by the implementation of a custom expression evaluator in `scripts/src/echecker/expression/evaluator.py`, which performs its own parsing and avoids using dangerous built-in functions like `eval()` or `exec()`.
Audit Metadata