Skills
skills/1nfsh-s3/skills/python-sdk/Gen Agent Trust Hub

python-sdk

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requests broad permissions via allowed-tools to run pip install and python commands to facilitate SDK usage.
  • [REMOTE_CODE_EXECUTION]: Documentation provides examples using eval() and code_execution(True) capabilities. These patterns can allow arbitrary code execution if the agent processes untrusted inputs without sanitization.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates downloading the inferencesh package and remote content for 'skills' via URLs.
  • [PROMPT_INJECTION]: The skill creates an architecture vulnerable to indirect prompt injection by allowing agents to ingest data from files, web search, and tool outputs while maintaining capabilities like code execution. Evidence: 1. Ingestion points: agent.send_message, web_search, upload_file. 2. Boundary markers: No delimiters or explicit warnings are suggested in the patterns. 3. Capability inventory: Access to code_execution, Bash, and network webhooks. 4. Sanitization: No input validation or filtering logic is included in the documentation.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 8, 2026, 02:51 AM