modal-sandbox
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill instructs the user to download and install additional skills from 'https://github.com/computesdk/sandbox-skills'. The 'computesdk' GitHub organization is not a pre-approved trusted source, so installing from it risks pulling malicious logic into the agent.
- [REMOTE_CODE_EXECUTION] (HIGH): The skill's core function, 'sandbox.runCode', executes arbitrary code on remote infrastructure (Modal). If an agent passes untrusted user input into it, the call becomes a high-risk code-execution vector.
- [DATA_EXFILTRATION] (MEDIUM): The documentation states that 'Ports are exposed with unencrypted tunnels by default'. Data sent to or from the sandbox over such a tunnel can be exposed or intercepted in transit.
- [COMMAND_EXECUTION] (MEDIUM): The skill documentation describes executing shell commands and filesystem operations through the 'ComputeSDK' API, which substantially widens the attack surface if inputs are not strictly sanitized.
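The EXTERNAL_DOWNLOADS finding turns on whether a download source is on a pre-approved list. The following is an added example, not code from the audit, the modal-sandbox skill or ComputeSDK: a small Python checker that pulls download URLs out of a skill's text and classifies each one by GitHub organization, rejecting the look-alike hosts, userinfo tricks and plain-http links that a naive substring match on 'github.com/' would accept. The allowlist and the skill text it scans are constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Hypothetical allowlist of pre-approved GitHub organizations. The audit only
# states that 'computesdk' is NOT pre-approved; the org name below is made up.
TRUSTED_GITHUB_ORGS = frozenset({"example-trusted-org"})

# Matches http(s) URLs in free text; trailing punctuation is stripped afterwards.
URL_RE = re.compile(r"""https?://[^\s<>'")]+""")


def github_org(url: str):
    """Return the lowercased org from an https://github.com/<org>/... URL.

    Returns None for anything that is not an https URL whose *hostname* is
    github.com: plain http (downgradable), look-alike hosts such as
    github.com.evil.example, and userinfo tricks such as
    https://github.com@evil.example/... (the real host is after the '@').
    """
    parts = urlsplit(url)
    if parts.scheme != "https":
        return None
    # .hostname is lowercased and excludes port and userinfo.
    if parts.hostname not in ("github.com", "www.github.com"):
        return None
    segments = [s for s in parts.path.split("/") if s]
    if not segments or segments[0] in (".", ".."):
        return None
    return segments[0].lower()


def check_download_source(url: str, allowlist=TRUSTED_GITHUB_ORGS):
    """Classify one URL: ALLOW, FLAG (unknown org) or REJECT (not https github.com)."""
    org = github_org(url)
    if org is None:
        return ("REJECT", "not an https URL on github.com")
    if org in allowlist:
        return ("ALLOW", org)
    return ("FLAG", f"org '{org}' not pre-approved")


def audit_skill_text(text: str, allowlist=TRUSTED_GITHUB_ORGS):
    """Find every download URL in a skill's text and classify each one."""
    findings = []
    for match in URL_RE.findall(text):
        url = match.rstrip(".,;:")
        verdict, detail = check_download_source(url, allowlist)
        findings.append((url, verdict, detail))
    return findings


# Constructed skill text for the example (not the real modal-sandbox SKILL.md).
SKILL_TEXT = """\
Before using this skill, download the sandbox skills from
https://github.com/computesdk/sandbox-skills.
Reference examples live at https://github.com/example-trusted-org/skills (approved).
Mirrors: http://github.com/computesdk/sandbox-skills
and https://github.com@mirror.example.net/example-trusted-org/skills
"""

if __name__ == "__main__":
    for url, verdict, detail in audit_skill_text(SKILL_TEXT):
        print(f"{verdict:6} {url}  ({detail})")
```

The check keys on the parsed hostname rather than on the raw string, which is what defeats 'github.com.evil.example' and 'github.com@evil.example'; a FLAG (unknown org on the real github.com) is the case the audit reports for 'computesdk', while a REJECT means the link should not be followed at all.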
Recommendations
- AI detected serious security threats
Audit Metadata