code-mode
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's primary purpose is to help implement a tool that executes LLM-generated scripts. It explicitly recommends and provides templates for secure, isolated environments (e.g., QuickJS, Pyodide, RestrictedPython) that are restricted from filesystem and network access by default.
- [COMMAND_EXECUTION]: The skill provides instructions for the user to install well-known sandboxing libraries via standard package managers (npm, pip). This is standard procedure for the intended functionality.
- [PROMPT_INJECTION]: The skill design creates an indirect prompt injection surface as it processes external API data. However, the risk is mitigated by the intended use of sandboxed runtimes and extraction-focused scripts.
- Ingestion points: Raw API responses are passed to the sandbox via the DATA variable (referenced in SKILL.md and references/benchmark-pattern.md).
- Boundary markers: Not explicitly defined in templates, though behavior is constrained by the LLM-generated extraction logic.
- Capability inventory: Sandbox environments permit code execution (eval, exec) but lack filesystem or network primitives.
- Sanitization: Security relies on the runtime isolation of the chosen sandbox (WASM or V8 isolates) rather than input filtering.
Audit Metadata