skills/iii-hq/iii/iii-sandbox/Gen Agent Trust Hub

iii-sandbox

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: Provides an interface for executing arbitrary commands and code snippets within libkrun microVMs through sandbox::run and sandbox::exec functions.
  • [DATA_EXFILTRATION]: Includes filesystem operations such as sandbox::fs::read and sandbox::fs::grep that allow data to be retrieved from the isolated environment.
  • [REMOTE_CODE_EXECUTION]: Facilitates the execution of agent-generated or untrusted code as its primary function, utilizing hardware-assisted virtualization for isolation.
  • [PROMPT_INJECTION]: The skill processes untrusted code and data within its sandboxes, presenting an indirect injection surface. 1. Ingestion points: Untrusted data enters the sandbox via sandbox::run, sandbox::exec, and sandbox::fs::write (SKILL.md). 2. Boundary markers: Isolation is enforced via libkrun microVM boundaries (SKILL.md). 3. Capability inventory: Supports shell command execution, comprehensive filesystem manipulation, and optional host network access (SKILL.md). 4. Sanitization: Relies on the microVM's execution boundary and discarded overlay filesystem for containment.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 10:03 AM
Security Audit — agent-trust-hub — iii-sandbox