python-sdk

Warn

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Documentation examples in 'references/tool-builder.md' pass tool arguments produced by the model straight to the Python 'eval()' builtin (e.g., the expression string for a calculator tool). 'eval()' executes arbitrary Python, not just arithmetic, so if a malicious prompt or poisoned input steers the arguments the agent generates, the result is arbitrary code execution in the tool's process (and shell command execution via 'os' or 'subprocess').
  • [REMOTE_CODE_EXECUTION]: The SDK supports enabling a built-in code execution capability for agents, which lets the model autonomously generate and run code in the environment.
      • Evidence: Use of 'internal_tools().code_execution(True)' in 'references/agent-patterns.md' and 'references/tool-builder.md'.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install several external dependencies and recommends adding further CLI tools.
      • Evidence: Instructions to run 'pip install inferencesh' and 'npx skills add belt-sh/cli' in 'SKILL.md'.
      • Evidence: Use of 'requests.get()' to download files from remote URLs in 'references/files.md'.
  • [PROMPT_INJECTION]: The skill architecture encourages building agents that ingest untrusted data from external sources (search results, webhooks) and process it with tools that hold high-privilege capabilities.
      • Ingestion points: Tavily search assistant results in 'references/agent-patterns.md' and external webhook triggers in 'references/tool-builder.md'.
      • Boundary markers: None identified in the instructional snippets to prevent the agent from following instructions embedded in processed data.
      • Capability inventory: The skill documents code execution, file deletion (the 'delete_file' tool), and 'eval()' usage.
      • Sanitization: The provided examples perform no input validation or sanitization before passing model-generated data to executable functions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 14, 2026, 07:06 PM
Security Audit — agent-trust-hub — python-sdk