python-executor

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the infsh command-line tool via Bash to interact with the inference.sh platform for authentication and application execution.
  • [REMOTE_CODE_EXECUTION]: The skill is designed to transmit user-provided Python scripts to a remote sandboxed environment for execution on the vendor's infrastructure.
  • [DATA_EXFILTRATION]: The environment includes networking libraries such as requests, playwright, and selenium that enable network communication and data retrieval from external web sources and APIs.
  • [EXTERNAL_DOWNLOADS]: The documentation points to an installation script for the required CLI tool hosted on the official inference-sh GitHub repository.
  • [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection by processing untrusted content from the web.
      • Ingestion points: Untrusted data enters the agent context through web scraping tools (beautifulsoup4, selenium, playwright) and HTTP clients (requests, httpx) listed in SKILL.md.
      • Boundary markers: No instructions are provided to the agent to treat scraped content as untrusted or to use specific delimiters to separate data from instructions.
      • Capability inventory: The skill allows for subsequent shell command execution via the infsh tool and further network requests based on processed data.
      • Sanitization: No sanitization or validation of the retrieved external content is performed before it is processed or returned to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 03:37 PM