namespace-sandbox

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill provides a mechanism to execute arbitrary code via the sandbox.runCode method on remote Namespace cloud instances. This is a primary vector for Indirect Prompt Injection. Evidence Chain: (1) Ingestion Point: Code strings passed to runCode in SKILL.md. (2) Boundary Markers: None present to distinguish instructions from data. (3) Capability Inventory: Full arbitrary code execution and shell command support. (4) Sanitization: None mentioned; the API executes raw strings provided by the agent or user.
  • [EXTERNAL_DOWNLOADS] (HIGH): The documentation explicitly instructs users to add additional skills from an untrusted GitHub repository (https://github.com/computesdk/sandbox-skills). This organization is not on the trusted list, and the remote execution of these skills via npx poses a high risk.
  • [COMMAND_EXECUTION] (MEDIUM): The skill's API explicitly supports shell commands and filesystem operations, granting the agent broad control over the container environment, which could be abused if the agent is manipulated by adversarial input.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 12:55 AM