python-executor
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill is built to execute arbitrary Python code provided by the user on the inference.sh remote infrastructure using the 'infsh' tool.
- [COMMAND_EXECUTION]: The skill utilizes the 'infsh' command-line interface to submit and manage remote application runs.
- [DATA_EXFILTRATION]: The environment includes pre-installed network-capable libraries such as 'requests', 'httpx', and 'aiohttp', which allow the executed code to send data to external URLs.
- [PROMPT_INJECTION]: The skill acts as an indirect prompt injection surface when an agent passes untrusted data into the 'code' parameter.
- Ingestion points: The 'code' input parameter in the input schema defined in SKILL.md.
- Boundary markers: There are no markers or system instructions to prevent the execution of malicious logic embedded within data.
- Capability inventory: The skill allows arbitrary script execution, network requests, and file system operations within the sandbox.
- Sanitization: The skill does not perform any validation or filtering of the provided Python code.
Audit Metadata