python-sdk
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The documentation includes code examples using the `eval()` function to implement a calculator tool. While intended for demonstration, using `eval()` on unsanitized input is a significant security risk (command injection) if developers copy this pattern into production environments.
- [COMMAND_EXECUTION]: The SDK provides a `code_execution` capability for agents, allowing them to dynamically generate and run code. This is a core platform feature that requires strict permission management and oversight of agent autonomy.
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the `inferencesh` package from PyPI, the standard package registry for Python, which is the expected delivery method for the vendor's official SDK.
Audit Metadata