iii-sandbox
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: Provides an interface for executing arbitrary commands and code snippets within libkrun microVMs through sandbox::run and sandbox::exec functions.
- [DATA_EXFILTRATION]: Includes filesystem operations such as sandbox::fs::read and sandbox::fs::grep that allow data to be retrieved from the isolated environment.
- [REMOTE_CODE_EXECUTION]: Facilitates the execution of agent-generated or untrusted code as its primary function, utilizing hardware-assisted virtualization for isolation.
- [PROMPT_INJECTION]: The skill processes untrusted code and data within its sandboxes, presenting an indirect injection surface. 1. Ingestion points: Untrusted data enters the sandbox via sandbox::run, sandbox::exec, and sandbox::fs::write (SKILL.md). 2. Boundary markers: Isolation is enforced via libkrun microVM boundaries (SKILL.md). 3. Capability inventory: Supports shell command execution, comprehensive filesystem manipulation, and optional host network access (SKILL.md). 4. Sanitization: Relies on the microVM's execution boundary and discarded overlay filesystem for containment.
Audit Metadata