python-guidelines

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using python -c to verify hypotheses about code behavior, inspect data structures, and find the location of installed packages. While intended for local development verification, this grants the agent shell execution capabilities based on its internal logic.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it is designed to ingest and process untrusted data in the form of Python code for review or refactoring. Malicious instructions could be embedded within the code or comments of the files being processed.
  • Ingestion points: Python source code files being reviewed, refactored, or integrated (referenced in SKILL.md).
  • Boundary markers: No specific delimiters or instructions are provided to the agent to distinguish between the code to be analyzed and potential embedded instructions.
  • Capability inventory: The agent is encouraged to use python -c in the terminal for verification and package inspection (referenced in SKILL.md).
  • Sanitization: There is no mention of sanitizing or validating the contents of the code files before they are processed or used in terminal commands.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 14, 2026, 05:53 AM