python-workspace

Warn

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions and examples for executing commands using Wine (e.g., wine "C:\\Program Files\\Python312\\python.exe" ...). This allows for the execution of arbitrary code within the emulated environment.
  • [COMMAND_EXECUTION]: A hardcoded absolute path to a specific user directory (/Users/terryli/Library/Application Support/CrossOver/Bottles/MetaTrader 5/drive_c) is present. Exposing specific system usernames and paths can be exploited for unauthorized file access or path traversal attacks if the agent is instructed to interact with the file system.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes external market data and MQL5 indicator code without employing boundary markers or sanitization techniques.
  • Ingestion points: Market data fetched via export_aligned.py and MQL5 source code provided for translation.
  • Boundary markers: None identified in the documentation or instructions.
  • Capability inventory: Execution of Python scripts via Wine and CLI-based compilation tasks.
  • Sanitization: No input validation, escaping, or filtering of the processed data or code is mentioned or implemented.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 14, 2026, 11:38 AM
Security Audit — agent-trust-hub — python-workspace