sympy
Pass
Audited by Gen Agent Trust Hub on May 25, 2026
Risk Level: SAFE
PROMPT_INJECTION | REMOTE_CODE_EXECUTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill documents methods for parsing mathematical expressions from strings using parse_expr, parse_latex, and parse_mathematica in references/code-generation-printing.md. This functionality creates a surface for indirect prompt injection where untrusted data could be used to manipulate agent logic.
  - Ingestion points: parse_expr and parse_latex in references/code-generation-printing.md.
  - Boundary markers: The documentation notes the need for validation but does not provide programmatic delimiters.
  - Capability inventory: The skill includes high-impact capabilities like dynamic code generation (lambdify), runtime compilation (autowrap), and file writing.
  - Sanitization: A specific warning is provided in the 'Important Notes' section of references/code-generation-printing.md advising users to sanitize input to avoid code injection.
- [REMOTE_CODE_EXECUTION]: The skill describes the use of pickle.load() for deserializing SymPy objects and eval() (via srepr()) to recreate expressions in references/code-generation-printing.md. These patterns are susceptible to arbitrary code execution if the input data is provided by an adversary.
- [COMMAND_EXECUTION]: Features like autowrap and ufuncify in references/code-generation-printing.md involve runtime compilation of C or Fortran code. This requires invoking system-level compilers and dynamic loaders, which can be leveraged for unauthorized command execution if the generated code is not strictly controlled.