python-sdk
Warn
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The documentation file 'references/tool-builder.md' includes several code examples that use the Python 'eval()' function to process input for a calculator tool (e.g., 'result = eval(call.args["expression"])'). This is an insecure coding practice that allows for arbitrary code execution if the input is not strictly validated or originates from an untrusted source.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'inferencesh' package via pip, which is the standard method for deploying this SDK and is considered expected behavior for this skill type.
Audit Metadata