all-agentic-architectures

Warn

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: MEDIUM
Finding categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The implementation of the calculator tool in SKILL.md uses the Python eval() function to process input strings. This is a significant security risk as it allows for the execution of arbitrary Python code if the agent is provided with a malicious expression.
  • [COMMAND_EXECUTION]: The troubleshooting section of SKILL.md includes the run_notebook function, which uses nbconvert.preprocessors.ExecutePreprocessor to programmatically execute all code cells within a Jupyter notebook.
  • [EXTERNAL_DOWNLOADS]: The skill's setup instructions direct users to clone an external repository from GitHub (github.com/FareedKhan-dev/all-agentic-architectures.git).
  • [PROMPT_INJECTION]: The architectural patterns in SKILL.md create a surface for indirect prompt injection.
      • Ingestion points: Untrusted data enters the agent context through parameters such as user_input, task, and problem across multiple patterns, including ReflectionState, MultiAgentState, and ToTState.
      • Boundary markers: Prompt templates do not use delimiters or explicit instructions to ignore embedded instructions within processed data.
      • Capability inventory: The skill provides high-risk capabilities, including eval()-based code execution, notebook execution, and network-enabled search tools.
      • Sanitization: There is no evidence of input validation, escaping, or filtering before untrusted content is interpolated into agent prompts.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 17, 2026, 07:33 PM
Security Audit — agent-trust-hub — all-agentic-architectures