sandboxed-audit-runner

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @anthropic-ai/sandbox-runtime from the official NPM registry and bubblewrap via the system package manager. These are standard security tools for creating isolated execution environments.
  • [COMMAND_EXECUTION]: The skill uses shell commands to detect its own directory and configure the sandbox environment. It executes the srt binary to wrap the agent's shell session, which is the core intended functionality for providing a secure auditing environment.
  • [DATA_EXFILTRATION]: The provided sandbox profile (smart-contract.srt.md) is specifically designed to prevent data exfiltration. It explicitly denies read access to sensitive host directories like ~/.ssh, ~/.aws, and ~/.gnupg, and limits network communication to a whitelist of well-known developer services and Web3 infrastructure providers (e.g., GitHub, NPM, PyPI, Etherscan, Infura).
  • [REMOTE_CODE_EXECUTION]: While the sandbox configuration allows network access to package registries and GitHub for dependency fetching during audits, this is constrained by the sandbox's OS-level restrictions on filesystem writes to sensitive locations like .env files and private keys.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 20, 2026, 02:31 AM