skills/skills-shell/skills/python-sdk/Gen Agent Trust Hub

python-sdk

Warn

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: Documentation files references/tool-builder.md and references/agent-patterns.md include code snippets that utilize the eval() function to handle logic defined in tool arguments (e.g., result = eval(call.args['expression'])). This is an unsafe coding pattern that allows for arbitrary code execution. If an agent follows these examples when implementing tools, it creates a high-risk vulnerability.- [EXTERNAL_DOWNLOADS]: The skill instructions direct the installation of the inferencesh package from PyPI and suggest adding external skills using npx. While these are necessary for the skill's stated purpose of providing an SDK for the inference.sh service, they involve fetching and executing remote code from package registries.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 22, 2026, 04:46 PM