python-api
Pass
Audited by Gen Agent Trust Hub on May 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill generates Python introspection scripts in the local scratch/ directory and executes them using the pixi package manager (Shape 1 and Shape 2 lookups). This allows the agent to extract exact signatures and help text from currently installed library versions.
- [EXTERNAL_DOWNLOADS]: Through 'Shape 3' lookups, the skill performs web searches and fetches narrative documentation from external URLs, which are then cached as markdown files in the workspace. While it targets documentation, this involves network operations to non-whitelisted domains.
- [PROMPT_INJECTION]: The skill contains explicit instructions to override the agent's default behavior, such as 'No symbols from memory' and 'Recognition is not a lookup,' to prevent hallucinations based on training data. Additionally, the ingestion and processing of external documentation for caching creates a potential surface for indirect prompt injection if the source content is untrusted.
Audit Metadata