yao-doctor-skill
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a Python-based analysis engine (
scripts/scan_security_skills.py) which uses theastmodule to perform semantic dataflow tracking and identify potential security risks in other codebases. - [EXTERNAL_DOWNLOADS]: The detection engine is configured to identify downloads from untrusted sources such as paste sites and shortlinks. Correspondingly, the evaluation suite (
evals/pressure_suite/) includes fixtures that fetch content from services likepaste.rsto verify detection efficacy. - [REMOTE_CODE_EXECUTION]: The skill includes test fixtures and documentation that describe or implement remote code execution patterns. For example,
evals/pressure_suite/remote-updater/contains logic to download and execute Python code, andscripts/build_public_example_report.pygenerates mock report data containing shell-piping commands (curl | sh). These are used exclusively for benchmarking the scanner. - [DATA_EXFILTRATION]: The
evals/directory contains deliberate exfiltration patterns, such as reading sensitive SSH keys from~/.ssh/id_rsaand sending the data to external endpoints (e.g., Slack webhooks). These functions are part of a 'pressure suite' designed to test the scanner's ability to detect source-to-sink exfiltration chains.
Audit Metadata