python-deprecation-fixer

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill possesses a high-risk indirect prompt injection surface because it ingests untrusted data (source code from arbitrary projects) and has the capability to perform side-effect-heavy operations (modifying source code).
      • Ingestion points: The script scripts/fix_deprecations.py (referenced in documentation) reads and analyzes files from user-specified project directories.
      • Boundary markers: Absent; there are no delimiters or instructions provided to the agent to help it distinguish between legitimate code and malicious instructions embedded in comments or strings.
      • Capability inventory: The skill is designed to modify files on the local filesystem (--fix flag), create directories for backups, and potentially validate syntax by executing the modified code.
      • Sanitization: The replacement logic relies on regex patterns in deprecation_patterns.json, which is a weak control against adversarial code structures designed to subvert the replacement process.
  • [COMMAND_EXECUTION] (MEDIUM): The skill executes a Python script that performs recursive file system modifications. This powerful capability could be abused to corrupt project files or introduce backdoors if the agent is misled into targeting sensitive directories or applying malicious replacement patterns.
  • [NO_CODE] (LOW): The primary execution logic scripts/fix_deprecations.py is not provided in the skill package for verification. While the metadata describes its behavior, the absence of the actual Python script prevents a full security audit of its implementation details (e.g., use of eval() or subprocess.run()).
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:04 PM