python-executor
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill documentation explicitly instructs users or agents to execute `curl -fsSL https://cli.inference.sh | sh`. This pattern is a major security risk as it executes unverified code from an untrusted source with full shell privileges.
- [EXTERNAL_DOWNLOADS] (HIGH): The skill relies on tools and services from `inference.sh`, which is not on the list of trusted GitHub organizations or repositories.
- [COMMAND_EXECUTION] (HIGH): The skill requests `Bash(infsh *)` capabilities, granting the agent the power to execute any subcommand of the `infsh` CLI, which could lead to unauthorized actions if the tool handles credentials or sensitive local state.
- [PROMPT_INJECTION] (LOW): The skill is highly vulnerable to indirect prompt injection through the `code` input parameter.
  1. Ingestion points: the `code` field in the input JSON provided to the executor.
  2. Boundary markers: none present; the code is treated as a raw execution string.
  3. Capability inventory: the execution environment includes full network access (via `requests`, `httpx`), file system writes (to the `outputs/` directory), and browser automation tools (`playwright`, `selenium`).
  4. Sanitization: no sanitization, validation, or escaping is performed on the input code before execution.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata