python-sdk

Warn

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: MEDIUM
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill metadata and documentation specify the installation of the 'inferencesh' package from the Python Package Index (PyPI) as a primary dependency.
  • [REMOTE_CODE_EXECUTION]: Multiple examples in the 'Tool Builder' reference demonstrate the use of the 'eval()' function to process arguments for calculator tools. This pattern is highly insecure as it allows an AI agent to execute arbitrary code by crafting specific inputs to the tool.
  • [COMMAND_EXECUTION]: The skill configuration ('allowed-tools') permits the execution of shell commands and arbitrary Python scripts ('Bash(python *)'), which grants the agent significant control over the local environment.
  • [DATA_EXFILTRATION]: The SDK includes a 'webhook_tool' feature that allows agents to send data to external URLs. While a standard integration feature, it represents a potential channel for data exfiltration if used improperly.
  • [REMOTE_CODE_EXECUTION]: The skill presents an attack surface for indirect prompt injection due to its extensive execution capabilities.
  • Ingestion points: Untrusted data enters via 'client.run' and 'agent.send_message' inputs as documented in SKILL.md.
  • Boundary markers: The examples do not demonstrate the use of specific delimiters to isolate untrusted data from system instructions.
  • Capability inventory: The SDK supports arbitrary code execution, filesystem access ('references/agent-patterns.md'), and external HTTP requests ('references/tool-builder.md').
  • Sanitization: Documentation highlights 'require_approval()' and human-in-the-loop workflows as primary security controls for sensitive operations.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 12, 2026, 04:32 PM