python-sdk
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the 'inferencesh' Python package, which is the official SDK for the platform.
- [COMMAND_EXECUTION]: The skill configuration allows the agent to execute environment setup commands and arbitrary Python scripts via the shell to support developer workflows.
- [REMOTE_CODE_EXECUTION]: Documentation examples in 'references/tool-builder.md' and 'references/agent-patterns.md' use the Python 'eval()' function to process dynamic tool inputs for a calculator example. This is a best-practice violation that could lead to arbitrary code execution if adopted for production tools without proper validation.
- [DATA_EXFILTRATION]: The SDK includes native functionality for uploading files to the service's storage and sending data to external webhooks. While these are core platform features, they provide a channel for data movement.
- [PROMPT_INJECTION]: The SDK exposes an indirect prompt injection surface through its agent-building capabilities, which ingest data from model outputs and external inputs. The documentation focuses on functionality and does not explicitly demonstrate the use of boundary markers or sanitization in the provided examples.
Audit Metadata