python-workspace
Warn
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions and examples for executing commands using Wine (e.g.,
wine "C:\\Program Files\\Python312\\python.exe" ...). This allows for the execution of arbitrary code within the emulated environment. - [COMMAND_EXECUTION]: A hardcoded absolute path to a specific user directory (
/Users/terryli/Library/Application Support/CrossOver/Bottles/MetaTrader 5/drive_c) is present. Exposing specific system usernames and paths can be exploited for unauthorized file access or path traversal attacks if the agent is instructed to interact with the file system. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes external market data and MQL5 indicator code without employing boundary markers or sanitization techniques.
- Ingestion points: Market data fetched via
export_aligned.pyand MQL5 source code provided for translation. - Boundary markers: None identified in the documentation or instructions.
- Capability inventory: Execution of Python scripts via Wine and CLI-based compilation tasks.
- Sanitization: No input validation, escaping, or filtering of the processed data or code is mentioned or implemented.
Audit Metadata