python-sdk
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: Documentation examples in `references/agent-patterns.md` and `references/tool-builder.md` demonstrate the use of Python's `eval()` function to process user-supplied expressions for a 'calculator' tool. `eval()` accepts any Python expression, not just arithmetic, so using it on untrusted input is a significant security risk: a crafted expression gives arbitrary code execution in the process running the SDK, with that process's privileges and environment.
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install external dependencies such as `belt-sh/cli` via `npx skills add belt-sh/cli` and the `inferencesh` Python package. While these are presented as official project components, users should verify the integrity of these packages (publisher, version, and checksum) before installation.
- [DATA_EXFILTRATION]: The SDK facilitates the upload of local files and environment variables (like `INFERENCE_API_KEY`) to the inference.sh platform. This is the intended primary purpose of the skill, but users should ensure they do not accidentally upload sensitive local files through the automatic upload features described in `references/files.md`.
- [DYNAMIC_EXECUTION]: The skill documentation highlights a 'Code Execution Pattern' and an 'Internal Tools' configuration (`.code_execution(True)`) that allows agents to write and run code. This is a powerful capability that requires strict oversight, particularly when the agent processes untrusted data.
- [INDIRECT_PROMPT_INJECTION]: The skill describes building agents that ingest data from external sources like web searches and app outputs (`references/agent-patterns.md`). This creates a surface for indirect prompt injection, where malicious content in a search result or app response could influence the agent's behavior. The documentation mitigates this risk by recommending human-in-the-loop approval workflows for sensitive actions; an approval gate limits what an injected instruction can do, but the agent still consumes the untrusted content, so tool permissions should be kept minimal as well.
Audit Metadata