script-generator

Fail

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute arbitrary Python scripts using the bash() function, allowing for unrestricted local code execution of logic generated at runtime.
  • [DATA_EXFILTRATION]: Scripts have access to sensitive environment variables such as TAAPI_API_KEY and COINGEKO_API_KEY, and the skill encourages using the requests library, which enables the transmission of these credentials to external domains.
  • [COMMAND_EXECUTION]: The use of schedule_task allows the creation of recurring background processes, which serves as a persistence mechanism to maintain execution across sessions.
  • [PROMPT_INJECTION]: The skill represents a significant surface for indirect prompt injection by transforming user-supplied trading strategies into executable code. Ingestion points: User prompts for recurring tasks or price alerts (SKILL.md). Boundary markers: None present to distinguish user data from code logic. Capability inventory: bash(), write_file(), and schedule_task() (SKILL.md). Sanitization: No validation or sanitization of user input is performed before script generation.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 18, 2026, 07:36 AM