python-executor
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICAL
Tags: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [Remote Code Execution] (CRITICAL): The skill's documentation contains the command `curl -fsSL https://cli.inference.sh | sh`. This is a 'piped-to-shell' pattern that executes unverified remote code, which is a critical security violation.
- [External Downloads] (HIGH): The skill downloads and executes binaries from inference.sh, which is not a recognized trusted source according to the security policy, introducing significant supply chain risk.
- [Command Execution] (MEDIUM): The `allowed-tools` configuration `Bash(infsh *)` permits the agent to execute shell commands via the `infsh` CLI, providing a path for potential privilege escalation or system manipulation.
- [Dynamic Execution] (MEDIUM): The primary function involves executing Python code strings via a remote service. While intended for its stated purpose, it enables the execution of complex logic, including network requests and data processing in a remote environment.
- [Indirect Prompt Injection] (LOW): The skill presents an attack surface for indirect prompt injection as it processes raw code strings which may be derived from untrusted input.
  - Ingestion points: The `code` field in the input JSON schema (SKILL.md).
  - Boundary markers: Absent. There are no delimiters or instructions to prevent the execution of instructions embedded within user data.
  - Capability inventory: Full Python execution environment with network access (`requests`, `playwright`) and command execution via `infsh` (SKILL.md).
  - Sanitization: No evidence of input validation or sanitization before passing strings to the execution engine.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata