skills/skill-zero/s/python-executor/Gen Agent Trust Hub

python-executor

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): Piped remote execution detected. The instruction 'curl -fsSL https://cli.inference.sh | sh' downloads and executes code from an untrusted source without verification.
  • [COMMAND_EXECUTION] (HIGH): The skill allows the agent to execute arbitrary Python code via the 'infsh' tool. This capability can be weaponized if the agent's input is controlled by an attacker.
  • [DATA_EXFILTRATION] (HIGH): Arbitrary code execution (Python) combined with network libraries ('requests', 'httpx') allows for the exfiltration of sensitive information or session tokens from the environment.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill encourages downloading and installing a CLI tool from an unverified third-party source ('inference.sh').
  • [PROMPT_INJECTION] (LOW): Susceptible to indirect prompt injection. Evidence: 1. Ingestion points: 'code' field in input schema in 'SKILL.md'. 2. Boundary markers: Absent. 3. Capability inventory: Python execution with network access and file write. 4. Sanitization: Absent.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 18, 2026, 09:34 AM
Security Audit — agent-trust-hub — python-executor