e2b-sandbox
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill directs users to install additional components from an untrusted GitHub repository. Evidence: Command 'npx skills add https://github.com/computesdk/sandbox-skills --skill computesdk' in SKILL.md. The 'computesdk' organization is not recognized as a trusted source.
- REMOTE_CODE_EXECUTION (HIGH): Remote code is fetched and potentially executed via the npx command referencing an external repository. Evidence: 'npx skills add' target URL in SKILL.md.
- COMMAND_EXECUTION (HIGH): The skill facilitates the execution of arbitrary code and shell commands within E2B Firecracker microVMs. Evidence: 'sandbox.runCode()' and references to filesystem and shell operations in SKILL.md.
- PROMPT_INJECTION (HIGH): (Category 8: Indirect Prompt Injection) The skill exposes a high-privilege execution surface that processes external content.
  1. Ingestion points: 'sandbox.runCode()' function in SKILL.md.
  2. Boundary markers: None detected to separate instructions from data.
  3. Capability inventory: 'runCode', shell commands, and filesystem access.
  4. Sanitization: No mention of input validation or escaping for the code strings passed to the sandbox.
Recommendations
- AI detected serious security threats
Audit Metadata