fix(security): replace eval() with safe parsing in template code #5104

Open
xr843 wants to merge 1 commit into crewAIInc:main from xr843:fix/security-eval-template-injection

xr843 commented Mar 26, 2026

Summary

  • Replace unsafe eval() call in the Calculator tool template (AGENTS.md) with an AST-based safe math evaluator
  • The safe evaluator uses a whitelist approach: only arithmetic operators (+, -, *, /, **, unary -) and numeric literals (int, float) are allowed
  • All function calls, imports, attribute access, and other Python constructs are rejected with a ValueError

Security Impact

The crewai create command ships this template into new projects. The eval() call enables arbitrary code execution via indirect prompt injection (e.g., a malicious document tricks the LLM into calling calculator("__import__('os').system('rm -rf /')")).

Before (vulnerable):

@tool("Calculator")
def calculator(expression: str) -> str:
    return str(eval(expression))  # arbitrary code execution

After (safe):

@tool("Calculator")
def calculator(expression: str) -> str:
    # AST-based evaluator that only allows arithmetic on numeric literals
    ...
    tree = ast.parse(expression, mode="eval")
    return str(_safe_eval(tree))

Testing

Verified the safe evaluator handles:

  • Valid expressions: 2 + 3, 10 * 5, 100 / 4, 2 ** 10, -5 + 3, (2 + 3) * 4
  • Blocked attacks: __import__('os').system(...), open('/etc/passwd').read(), list comprehensions

Test plan

  • Verify crewai create still generates valid projects with the updated template
  • Verify the Calculator tool example works for arithmetic expressions
  • Verify malicious expressions are rejected

Fixes #5056

🤖 Generated with Claude Code

Replaces unsafe eval() call in the Calculator tool example that processes
unsanitized LLM output with an AST-based safe math evaluator to prevent
arbitrary code execution.

The safe evaluator only allows arithmetic operators (+, -, *, /, **) and
numeric literals (int, float), rejecting any function calls, imports, or
other Python constructs.

Fixes crewAIInc#5056
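
The PR description elides the body of _safe_eval ("..."). The following is an added sketch of such a whitelist evaluator, not the code from this pull request. The names safe_calculate, MAX_LEN and MAX_BITS are assumptions, and the size limits are an extra hardening step the PR does not mention: a bare operator whitelist still evaluates 9**9**9, which exhausts CPU and memory.

```python
import ast
import operator

# Whitelist: AST operator type -> implementation. Anything absent is rejected.
_BIN_OPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
            ast.Div: operator.truediv, ast.Pow: operator.pow}
MAX_LEN = 200    # assumed cap on input length (not from the PR)
MAX_BITS = 4096  # assumed cap on the size of an integer power (not from the PR)


def _safe_eval(node):
    """Evaluate one AST node; raise ValueError for anything not whitelisted."""
    if isinstance(node, ast.Expression):
        return _safe_eval(node.body)
    if isinstance(node, ast.Constant):
        # type() instead of isinstance(): bool subclasses int and must not pass.
        if type(node.value) in (int, float):
            return node.value
        raise ValueError(f"literal not allowed: {node.value!r}")
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.USub):
        return -_safe_eval(node.operand)
    if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
        left, right = _safe_eval(node.left), _safe_eval(node.right)
        # Estimate the bit length of an integer power before computing it.
        if (isinstance(node.op, ast.Pow) and type(left) is int
                and type(right) is int and right > 0
                and left.bit_length() * right > MAX_BITS):
            raise ValueError("result too large")
        try:
            return _BIN_OPS[type(node.op)](left, right)
        except (ZeroDivisionError, OverflowError) as exc:
            raise ValueError(str(exc)) from exc
    # Call, Attribute, Name, Subscript, comprehensions, lambda, ... end up here.
    raise ValueError(f"construct not allowed: {type(node).__name__}")


def safe_calculate(expression: str) -> str:
    """Hypothetical stand-in for the body of the template's calculator tool."""
    if len(expression) > MAX_LEN:
        raise ValueError("expression too long")
    try:
        tree = ast.parse(expression, mode="eval")  # parses only, never executes
    except SyntaxError as exc:
        raise ValueError("not a valid expression") from exc
    return str(_safe_eval(tree))
```

Every failure mode surfaces as ValueError, so a tool wrapper can catch one exception type and return an error string to the agent.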

Successfully merging this pull request may close these issues.

[Security] crewai create ships template with eval() on unsanitized LLM input
