Skills
skills/inference-sh/skills/python-executor/Gen Agent Trust Hub

python-executor

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill's primary function is to send user-defined or agent-generated Python code to the vendor's remote environment (inference.sh) for execution. This is the documented purpose of the tool and utilizes the vendor's own infrastructure.
  • [COMMAND_EXECUTION]: The skill relies on the infsh command-line utility to interact with the vendor's API and execute tasks. The allowed-tools section explicitly permits Bash(infsh *) for this purpose.
  • [PROMPT_INJECTION]: As a code execution engine, the skill inherently possesses an indirect prompt injection surface. It ingests arbitrary strings into a code execution context.
  • Ingestion points: The code parameter in the input schema (SKILL.md).
  • Boundary markers: Not explicitly defined in the prompt template, though the skill description mentions a sandboxed environment.
  • Capability inventory: Includes full Python execution with network access (via requests/httpx), browser automation (Selenium/Playwright), and file system access within the remote sandbox (writing to outputs/).
  • Sanitization: The skill relies on the vendor's server-side sandboxing for security rather than input sanitization.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 18, 2026, 02:54 AM