code-exec-fallback-266cba
Fail
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the
run_shelltool to execute Python scripts directly. Shell execution typically provides broader access to the underlying operating system and file system compared to a restricted sandbox environment. - [REMOTE_CODE_EXECUTION]: By providing a formal workflow to generate and execute arbitrary script files (
write_filefollowed byrun_shell), the skill creates a mechanism for executing code that may be influenced or controlled by untrusted external inputs at runtime. - [PRIVILEGE_ESCALATION]: The instructions are specifically designed to bypass the
execute_code_sandboxtool when it fails. If the sandbox was implemented to enforce security boundaries or resource limits, this fallback pattern intentionally subverts those protections to gain higher-privileged shell access.
Recommendations
- AI detected serious security threats
Audit Metadata