agentbay-aio-skills

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill installs the wuying-agentbay-sdk package using a custom index URL (https://mirrors.aliyun.com/pypi/simple/). While Aliyun is a known provider, it is not on the trusted organization list, making the dependency installation unverifiable.
  • [DATA_EXFILTRATION] (LOW): The script run_code.py is designed to read the user's API key from ~/.config/agentbay/api_key and can read local files via the --code-file argument. This content is then transmitted to the remote AgentBay service. While this is the intended functionality, it constitutes a data exposure path for local files.
  • [COMMAND_EXECUTION] (LOW): The execution script run_code.py writes files (e.g., chart_{timestamp}.png) to the local working directory based on responses from the remote sandbox. This local file-writing capability is a potential vector if the remote service or the agent's input is compromised.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it processes arbitrary code provided by the user or read from files and sends it to an external execution environment without internal sanitization, relying entirely on the remote sandbox's isolation.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:27 PM