python-executor
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): Piped remote execution detected. The instruction 'curl -fsSL https://cli.inference.sh | sh' downloads and executes code from an untrusted source without verification.
- [COMMAND_EXECUTION] (HIGH): The skill allows the agent to execute arbitrary Python code via the 'infsh' tool. This capability can be weaponized if the agent's input is controlled by an attacker.
- [DATA_EXFILTRATION] (HIGH): Arbitrary code execution (Python) combined with network libraries ('requests', 'httpx') allows for the exfiltration of sensitive information or session tokens from the environment.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill encourages downloading and installing a CLI tool from an unverified third-party source ('inference.sh').
- [PROMPT_INJECTION] (LOW): Susceptible to indirect prompt injection. Evidence: 1. Ingestion points: 'code' field in input schema in 'SKILL.md'. 2. Boundary markers: Absent. 3. Capability inventory: Python execution with network access and file write. 4. Sanitization: Absent.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata