openqemu
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute curl commands that interact with the OpenSandbox API. These commands manage the sandbox lifecycle and facilitate interaction with the virtualized environment.
- [EXTERNAL_DOWNLOADS]: The skill performs network operations by sending HTTP requests to an external API endpoint defined by the OPENSANDBOX_API_URL environment variable. This is necessary for the skill's primary functionality of managing remote sandboxes.
- [REMOTE_CODE_EXECUTION]: The skill is specifically designed to execute commands and code within a remote, isolated QEMU-based sandbox. The instructions guide the agent on how to send code to the /exec/run endpoint for execution inside the VM.
- [DATA_EXFILTRATION]: The skill transmits an API key (OPENSANDBOX_API_KEY) in the headers of its network requests. The instructions correctly advise managing this secret via environment variables, minimizing the risk of hardcoded credential exposure.
- [INDIRECT_PROMPT_INJECTION]: The skill processes output from the sandbox (file content and command execution results). Since this data originates from an external environment, it represents a potential surface for indirect prompt injection if the sandbox contains malicious content.
Audit Metadata