guidance
Warn
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides implementation patterns for agents (in
SKILL.mdandreferences/examples.md) that utilize theeval()function to execute model-generated strings as Python code. This represents a significant risk because model outputs can be manipulated by malicious inputs to execute arbitrary code within the agent's environment. - [PROMPT_INJECTION]: The skill is designed to ingest and extract data from untrusted external text (as seen in the 'Data Extraction' and 'Entity Extraction' patterns). While the skill uses grammars to constrain output format, it does not implement boundary markers or instructions to prevent the model from obeying malicious commands embedded within the processed data (Indirect Prompt Injection).
Audit Metadata