script-generator
Fail
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute arbitrary Python scripts using the bash() function, allowing for unrestricted local code execution of logic generated at runtime.
- [DATA_EXFILTRATION]: Scripts have access to sensitive environment variables such as TAAPI_API_KEY and COINGEKO_API_KEY, and the skill encourages using the requests library, which enables the transmission of these credentials to external domains.
- [COMMAND_EXECUTION]: The use of schedule_task allows the creation of recurring background processes, which serves as a persistence mechanism to maintain execution across sessions.
- [PROMPT_INJECTION]: The skill represents a significant surface for indirect prompt injection by transforming user-supplied trading strategies into executable code. Ingestion points: User prompts for recurring tasks or price alerts (SKILL.md). Boundary markers: None present to distinguish user data from code logic. Capability inventory: bash(), write_file(), and schedule_task() (SKILL.md). Sanitization: No validation or sanitization of user input is performed before script generation.
Recommendations
- AI detected serious security threats