Skills
skills/lebsral/dspy-programming-not-prompting-lms-skills/dspy-react/Gen Agent Trust Hub

dspy-react

Warn

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The code example for the calculate tool in SKILL.md uses the eval() function. This is a dangerous pattern that allows arbitrary Python code execution if the input expression, which is generated by the agent in response to user input, is maliciously crafted.
  • [EXTERNAL_DOWNLOADS]: The skill uses the requests library to fetch data from well-known external services, including the GitHub API (api.github.com) and PyPI (pypi.org). While these are trusted services, the practice of fetching external content is documented as an external data dependency.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes content from external sources and feeds it into the reasoning loop without sanitization.
  • Ingestion points: get_github_issues, search_pypi, and get_github_repo tools in examples.md.
  • Boundary markers: No clear delimiters or instructions to ignore embedded commands are present in the agent prompts or tool outputs.
  • Capability inventory: The agent can make network requests via requests and potentially execute arbitrary code if the eval-based calculate tool is implemented.
  • Sanitization: There is no evidence of filtering, escaping, or validation of the data retrieved from external APIs before it is used in the prompt.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 22, 2026, 01:46 AM