python-executor
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (CRITICAL): The skill documentation explicitly instructs users to execute 'curl -fsSL https://cli.inference.sh | sh'. This is a piped remote execution pattern from an untrusted domain (inference.sh), allowing for immediate, unverified code execution on the host system.
- [Dynamic Execution] (HIGH): The primary purpose of the skill is to run arbitrary Python code via the 'infsh' tool. This provides a mechanism for script generation and execution which can be misused if the input 'code' parameter is influenced by malicious third-party data.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted code strings which are interpolated into execution commands. Evidence Chain:
  1. Ingestion points: The 'code' property in the JSON input schema.
  2. Boundary markers: None.
  3. Capability inventory: Access to a Python 3.10 environment with networking and file system capabilities.
  4. Sanitization: None detected in the skill description or examples.
- [Data Exposure & Exfiltration] (MEDIUM): The environment includes multiple network-capable libraries (requests, httpx, aiohttp, etc.) and file-writing capabilities. This combination allows an attacker to potentially read sensitive data and exfiltrate it to an external server.
Recommendations
- HIGH: Downloads and executes remote code from https://cli.inference.sh; DO NOT USE without thorough review.
- AI detected serious security threats
Audit Metadata