python-sdk
Warn
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: Documentation examples in references/tool-builder.md use the eval() function to process tool arguments (e.g., eval(call.args['expression'])). This pattern is insecure as it allows for arbitrary code execution if the input is not strictly validated or sanitized.
- [COMMAND_EXECUTION]: The SKILL.md frontmatter specifies allowed-tools that include Bash(python *) and Bash(pip install inferencesh), granting the agent the ability to execute arbitrary Python scripts and install external packages in the environment.
- [REMOTE_CODE_EXECUTION]: The skill documentation describes enabling an internal code_execution tool (references/agent-patterns.md and references/tool-builder.md), which permits the agent to write and execute code at runtime to solve problems.
- [DATA_EXFILTRATION]: The SDK includes capabilities for uploading local files to remote storage via client.upload_file and attaching files to agent messages (references/files.md). This creates a vector for potential exfiltration of sensitive local data.
- [DATA_EXFILTRATION]: The webhook_tool functionality documented in references/tool-builder.md allows the agent to send data to external HTTP endpoints, with examples specifically showing integration with services like Slack and GitHub.
- [EXTERNAL_DOWNLOADS]: The skill instructions and code snippets frequently reference installing the inferencesh package from a public registry via pip install.
Audit Metadata