python-executor

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Remote Code Execution (HIGH): The installation script curl -fsSL https://cli.inference.sh | sh represents an untrusted remote code execution pattern. It executes unverified code from an external domain not recognized as a trusted source, creating a high-risk vector for system compromise.
  • Dynamic Execution (MEDIUM): The core functionality of the skill is to execute arbitrary Python code on remote infrastructure via the infsh CLI. While this is the intended primary purpose, an unconstrained execution environment for code strings poses a risk if the input is manipulated by malicious actors.
  • Indirect Prompt Injection (LOW): The skill supports web scraping and external data processing, which creates an attack surface for indirect prompt injection.
  • Ingestion points: Data is ingested via requests.get and other network libraries from arbitrary, untrusted URLs.
  • Boundary markers: No delimiters or safety warnings are present in the provided code examples to separate ingested content from system instructions.
  • Capability inventory: The skill allows network access, file system writes to the outputs/ directory, and full Python execution logic.
  • Sanitization: No sanitization or validation of external content is demonstrated before it is processed by the agent.
Recommendations
  • HIGH: Downloads and executes remote code from https://cli.inference.sh. DO NOT USE without thorough review.
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 19, 2026, 07:56 PM