python-executor
Fail
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download a setup script from the vendor's official domain at cli.inference.sh during the initial setup process.
- [REMOTE_CODE_EXECUTION]: The installation procedure involves piping a remote script directly to a shell (
curl | sh) to install the vendor's command-line interface. This is a common pattern for the installation of developer tools from trusted service providers. - [COMMAND_EXECUTION]: The skill utilizes the
infshCLI tool to facilitate the execution of Python scripts on the vendor's remote infrastructure. - [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection as it accepts and executes arbitrary Python code provided as input.
- Ingestion points: The
codefield within the input schema defined in SKILL.md. - Boundary markers: No specific delimiters or warnings to ignore instructions within the code are implemented in the skill's instructions.
- Capability inventory: The skill allows for remote code execution with access to numerous libraries for networking and data processing via the
infsh app runcommand. - Sanitization: No client-side sanitization or validation of the input code is performed by the skill before transmission to the remote service.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata