python-sdk
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The documentation and reference files (specifically references/tool-builder.md and references/agent-patterns.md) suggest using the Python 'eval()' function to handle dynamic inputs for a calculator tool example. Executing 'eval()' on strings generated by an LLM is dangerous and could be exploited to run arbitrary code on the host machine.
- [EXTERNAL_DOWNLOADS]: The skill documentation (SKILL.md) instructs users to install the 'inferencesh' package from PyPI. This is a standard installation of the vendor-provided SDK.
- [COMMAND_EXECUTION]: The skill's 'allowed-tools' metadata permits the execution of 'pip install' and 'python' commands, which are required for setting up the environment and executing the provided code examples.