python-executor

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill is explicitly designed to execute arbitrary Python code on a remote server provided by the vendor. It utilizes the belt CLI to transmit and run code payloads.
  • [COMMAND_EXECUTION]: The skill requires access to the Bash tool to execute belt commands, which is used to interact with the remote Python execution environment.
  • [EXTERNAL_DOWNLOADS]: The skill references installation instructions for the belt CLI utility from the vendor's GitHub repository (github.com/inference-sh). This is part of the standard setup for the service.
  • [INDIRECT_PROMPT_INJECTION]: The skill possesses a significant attack surface for indirect prompt injection.
      • Ingestion points: The code input parameter accepts strings of Python code constructed by the agent.
      • Boundary markers: There are no boundary markers or instructions to sanitize or validate the content of the code block before execution.
      • Capability inventory: The remote environment supports network operations (via requests, selenium, etc.) and file outputs, allowing for complex multi-stage operations.
      • Sanitization: The skill relies entirely on the remote environment's sandboxing (as described in the documentation) rather than input-level sanitization.
Audit Metadata
Risk Level
SAFE
Analyzed
May 7, 2026, 07:25 AM
Security Audit — agent-trust-hub — python-executor