python-executor
Warn
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill enables execution of arbitrary Python scripts on the inference.sh platform via the infsh CLI. This functionality facilitates dynamic code execution at runtime, which is inherently risky if the code content is derived from untrusted sources.
- [COMMAND_EXECUTION]: The skill requires authorization to execute the infsh command-line tool, allowing the agent to interact with external services through local shell commands.
- [DATA_EXFILTRATION]: The execution environment provides libraries like requests, httpx, and selenium, which allow the script to make external network calls. This could be exploited to exfiltrate sensitive information if a malicious script is executed.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes a code string without sanitization or boundary markers.
- Ingestion points: The 'code' field in the input schema within SKILL.md.
- Boundary markers: None present; the skill lacks delimiters to separate executable code from untrusted data.
- Capability inventory: Includes arbitrary Python execution with network access and file system write capabilities to the 'outputs/' directory.
- Sanitization: No validation or sanitization of the input code is performed prior to execution.
Audit Metadata