sandbox-sdk

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill documentation instructs the user to install the @cloudflare/sandbox npm package and pull the cloudflare/sandbox Docker image. While these sources are associated with a reputable vendor, they constitute external dependencies.
  • COMMAND_EXECUTION (LOW): The skill defines methods for direct command execution (exec) and code interpretation (runCode). This is the primary purpose of the SDK, thus the severity is minimized.
  • Indirect Prompt Injection (LOW): The skill exposes a surface for indirect prompt injection by design.
    1. Ingestion points: The sandbox.runCode and sandbox.exec methods in SKILL.md.
    2. Boundary markers: No delimiters or warnings for untrusted content are specified in the instructions.
    3. Capability inventory: Support for subprocess execution, file system modification, and network port exposure via sandbox.exposePort.
    4. Sanitization: No sanitization or validation of input code is described.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 07:53 PM