
blaxel

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides tools for executing shell commands and managing processes within isolated microVMs via the sandbox.process.exec method. This functionality is the primary purpose of the skill and is restricted to the sandbox environment.
  • [EXTERNAL_DOWNLOADS]: The instructions reference installing the Blaxel CLI from the official documentation site and using Docker images from the vendor's Hub and GitHub Container Registry (ghcr.io/blaxel-ai/). These are trusted vendor sources.
  • [REMOTE_CODE_EXECUTION]: The agent is empowered to build, deploy, and execute code within Blaxel's serverless infrastructure. While this constitutes remote execution, it is performed within secure, isolated environments (sandboxes/jobs) specifically designed for this purpose.
  • [DATA_EXFILTRATION]: Network operations are directed towards Blaxel's own domains (*.bl.run, *.blaxel.ai) for the purpose of creating live previews and managing resources. This matches the vendor's legitimate infrastructure patterns.
  • [SAFE]: No evidence of prompt injection, obfuscation, or unauthorized persistence was found. The skill follows best practices for secret management, instructing users to use environment variables or the platform's dedicated secret management console.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 26, 2026, 08:57 PM
Security Audit — agent-trust-hub — blaxel