python-executor
Fail
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation provides a command to download and execute an installation script from 'https://cli.inference.sh' using 'curl -fsSL | sh'. This is the vendor's official method for installing the 'infsh' CLI tool required for the skill.
- [COMMAND_EXECUTION]: The skill uses the 'infsh' command-line interface to interact with the remote Python execution environment.
- [DATA_EXFILTRATION]: User-provided Python code and any input data are transmitted to the inference.sh cloud infrastructure for execution. This is the intended behavior of the skill for remote processing.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it executes arbitrary Python code provided via the 'code' parameter in its input schema.
  - Ingestion points: The 'code' field in the JSON input (found in SKILL.md).
  - Boundary markers: None; there are no delimiters or instructions provided to the agent to prevent the execution of malicious logic embedded within the processed code.
  - Capability inventory: The sandboxed environment includes powerful libraries for network requests (requests, httpx, aiohttp), browser automation (selenium, playwright), and file system manipulation (saving to 'outputs/').
  - Sanitization: There is no evidence of input validation or sanitization to ensure the safety of the code before it is passed to the execution tool.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review