agent-mode

Fail

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill configuration sets autoExecute: true, which allows the agent to execute generated code blocks automatically. The instructions explicitly direct the agent to always generate executable JavaScript for every response.
  • [REMOTE_CODE_EXECUTION]: The skill provides instructions and a template for executing arbitrary Python and Shell scripts via a sandboxExec() function. This enables the agent to generate and run complex logic that could interact with the host system or external resources.
  • [EXTERNAL_DOWNLOADS]: The sandboxExec() function supports a pip parameter to install Python packages at runtime. Allowing the agent to autonomously decide which packages to install from public registries introduces risks of supply chain attacks or execution of malicious dependencies.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 13, 2026, 09:44 AM
Security Audit — agent-trust-hub — agent-mode