Agentsop Code Execution Decision

Security checks across malware telemetry and agentic risk

Overview

This skill is a decision guide for when an agent should use code execution. Its risks are disclosed, and the risky decision points are explained with appropriate warnings.

Installers should understand that this skill may influence an agent to choose code execution for precise computations. Use it with sandboxed interpreters for untrusted inputs, and treat any unsandboxed REPL option as suitable only for trusted, local computation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Severity: Medium
Confidence: 92%
Finding: The trigger "any step about to be reasoned" is so broad that it can activate the gate on nearly every agent step, including steps that do not need special routing. In a code-execution decision skill, overbroad activation increases the chance of misclassification, unnecessary code execution decisions, and policy drift across unrelated tasks.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding: The trigger/action pair around sandbox choice is underspecified because it says to pick an interpreter by "trust + capability" without defining a decision policy or safety constraints. In context, the listed options include an explicitly unsandboxed runtime, so this ambiguity could let an agent select an unsafe execution environment for untrusted code or data.

VirusTotal

64/64 vendors flagged this skill as clean.
