
calculator

Fail

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The calculator_cli.py script executes the expression parameter directly via the eval() function. This creates a critical security vulnerability where untrusted input can be used to execute arbitrary Python code.
  • [COMMAND_EXECUTION]: While the eval() call uses an empty __builtins__ dictionary as a sandbox, this is a known insecure configuration in Python. Attackers can use object introspection to escape the restricted environment, access the os or subprocess modules, and execute arbitrary shell commands on the underlying system.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of untrusted input combined with high-impact execution capabilities.
  • Ingestion points: The expression parameter in calculator_cli.py (read from sys.stdin).
  • Boundary markers: None identified in the prompt instructions or the CLI script.
  • Capability inventory: Potential for full system access through the eval() function in calculator_cli.py.
  • Sanitization: Minimal and ineffective; the script attempts to clear builtins but does not prevent attribute-based sandbox escapes.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 11, 2026, 10:48 AM
Security Audit — agent-trust-hub — calculator