python-sdk
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The documentation in
references/tool-builder.mdprovides examples for 'Handling Tool Calls' that use Python'seval()function to process arguments (e.g.,eval(call.args['expression'])). This is an extremely dangerous pattern that allows arbitrary code execution on the host machine by anyone who can influence the agent's input through prompt injection. - [COMMAND_EXECUTION] (MEDIUM): Several files (e.g.,
references/agent-patterns.md,references/tool-builder.md) demonstrate the use ofinternal_tools().code_execution(True). This capability allows the AI agent to generate and execute its own code, which can be used as a vector for privilege escalation or persistence if the agent's prompts are compromised. - [DATA_EXFILTRATION] (LOW): As described in
references/files.md, the SDK automatically uploads files if a local path is found in the input. This design can be exploited to exfiltrate sensitive local files (like SSH keys or configuration files) if the agent is tricked into referencing them. - [EXTERNAL_DOWNLOADS] (LOW): The
references/files.mdfile contains examples using therequestslibrary to download files from arbitrary URLs (requests.get(image_url)), which could be used to fetch malicious payloads and subsequently write them to the local filesystem.
Recommendations
- AI detected serious security threats
Audit Metadata