sandbox-configurator
Warn
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: MEDIUM
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill provides a 'Level 4: No Sandbox' configuration option. This mode explicitly disables security filters and isolation boundaries, allowing the agent direct system access, which could be exploited to bypass all safety constraints.
- [COMMAND_EXECUTION]: The configuration templates recommend excluding 'git' and 'docker' from the sandbox ('excludedCommands'). This allows these high-privilege commands to execute with full system permissions, bypassing the security controls intended for the agent environment.
- [DATA_EXFILTRATION]: Usage examples include instructions to configure sensitive environment variables such as 'NPM_TOKEN' and 'COMPANY_API_KEY'. Although the validation checklist advises against storing secrets, the functional examples encourage users to place credentials in configuration files like '.claude/settings.local.json'.
- [EXTERNAL_DOWNLOADS]: The configuration establishes trusted network boundaries for well-known services, specifically allowing access to '.npmjs.org', 'registry.npmjs.org', '.github.com', and 'api.github.com' to facilitate package management and version control operations.
Audit Metadata