agents-towards-production

Warn

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The 'calculator' tool in the 'Common Patterns' section passes its input string straight to Python's 'eval()'. This is a high-risk pattern: whatever reaches the tool argument is executed as Python in the agent's process, so the agent itself, or anyone whose content the agent reads, can run arbitrary code on the host. A safe calculator parses the expression and evaluates only arithmetic nodes instead of calling 'eval()'.
  • [PROMPT_INJECTION]: The skill demonstrates agent architectures that ingest untrusted data from external sources (web search and RAG), creating a surface for indirect prompt injection.
    • Ingestion points: web search results from 'TavilyClient' and knowledge base search results from 'ContextualClient' (found in SKILL.md).
    • Boundary markers: absent. External content is interpolated directly into prompt templates without delimiters and without instructions to treat the retrieved text as data rather than commands.
    • Capability inventory: the demonstrated agents have access to shell commands via Docker, network access via several clients, and code execution via the 'eval()'-based calculator tool. Combined with the ingestion points above, a retrieved document that instructs the agent to call the calculator becomes a remote code execution path.
    • Sanitization: no input validation, escaping, or sanitization logic is included in the provided examples for retrieved external data.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to clone an external code repository from 'github.com/NirDiamant/agents-towards-production.git'. This repository contains scripts and configurations that are executed as part of the tutorials, so its contents should be reviewed (and the checkout pinned to a known commit) before anything from it is run.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 17, 2026, 10:57 AM
Security Audit — agent-trust-hub — agents-towards-production