python-executor

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the infsh CLI tool (allowed via Bash(infsh *)) to execute tasks on the vendor's platform.
  • [REMOTE_CODE_EXECUTION]: The primary function of this skill is to transmit and execute Python code on the remote inference.sh infrastructure. The environment is pre-configured with numerous libraries, including those for networking and browser automation.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it executes code provided in the code parameter, which an agent might generate based on untrusted input.
  • Ingestion points: The code field in the input JSON schema (SKILL.md).
  • Boundary markers: No specific delimiters or instructions are provided to the agent to treat the input code as potentially untrusted or to ignore embedded instructions.
  • Capability inventory: The remote environment provides a full Python 3.10 interpreter with capabilities for network access (e.g., requests, httpx), browser automation (e.g., selenium, playwright), and file system access within the sandbox, managed via the infsh tool.
  • Sanitization: The skill definition does not include logic for sanitizing or validating the Python code before execution.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 07:20 PM