tensorlake
Fail
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: HIGH | SAFE | EXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the Tensorlake CLI via a piped shell command: curl -fsSL https://tensorlake.ai/install | sh. This is a remote execution pattern; however, it targets the official domain of the skill's author, which is a well-known service in this context.
- [INDIRECT_PROMPT_INJECTION]: The skill instructs the agent to fetch live documentation from https://docs.tensorlake.ai/llms.txt to use as the primary source of truth. This exposes the agent to potential instructions embedded in external content.
  - Ingestion points: Instructions in SKILL.md and AGENTS.md direct the agent to fetch and process markdown files from docs.tensorlake.ai.
  - Boundary markers: Absent. There are no instructions to the agent to disregard or isolate potential prompts found within the fetched documentation.
  - Capability inventory: The skill documents and enables extensive capabilities including file system operations (write_file, read_file), process management (start_process), and interactive shell sessions (create_pty), as detailed in references/sandbox_sdk.md.
  - Sanitization: Absent. The skill explicitly directs the agent to trust the live documentation over bundled snapshots.
- [DYNAMIC_EXECUTION]: The evaluation tool evals/grade_static.py uses importlib.import_module() to dynamically load the tensorlake package for name verification. This is standard behavior for a static analysis script provided with the skill.
- [COMMAND_EXECUTION]: The test scripts evals/run.py and evals/grade.py use subprocess.run() to execute agent commands and grading logic. These are standard components of the development and testing harness included in the repository.
Recommendations
- HIGH: Downloads and executes remote code from https://tensorlake.ai/install. DO NOT USE without thorough review.
Audit Metadata