python-sdk
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Threat categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The files `references/agent-patterns.md` and `references/tool-builder.md` provide implementation examples for a Calculator tool using the `eval()` function on `call.args['expression']`. Since these arguments are generated by an LLM, this pattern creates a direct path for arbitrary code execution on the host system.
- [REMOTE_CODE_EXECUTION] (HIGH): Multiple reference files demonstrate the use of `internal_tools().code_execution(True)`, which allows agents to run arbitrary Python code. Without strict sandboxing or human-in-the-loop controls, this capability is highly exploitable.
- [DATA_EXFILTRATION] (MEDIUM): The `webhook_tool` documentation in `references/tool-builder.md` shows how to send data to external HTTP endpoints. This can be misused to exfiltrate sensitive information.
- [EXTERNAL_DOWNLOADS] (LOW): Examples in `references/files.md` and `references/streaming.md` use `requests` and `aiohttp` to download data from URLs. While presented as result retrieval, these could be misused for unauthorized external communication or downloading malicious payloads.
- [PROMPT_INJECTION] (LOW): (Category 8) RAG and web search patterns ingest external data without sanitization. Ingestion points: `tavily/search-assistant` results and file attachments in `references/agent-patterns.md` and `references/files.md`. Boundary markers: absent. Capabilities: `eval()`, `delete_file`, and arbitrary code execution. Sanitization: absent.
- [DATA_EXFILTRATION] (LOW): File handling examples allow local file access; if path construction incorporates untrusted input, it could lead to directory traversal or unauthorized file exposure.
Recommendations
- AI detected serious security threats
Audit Metadata