The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes the infsh CLI tool to run the infsh/python-executor app, which is a legitimate use of the vendor's provided infrastructure.
[EXTERNAL_DOWNLOADS]: The documentation references the installation of inference-sh/skills@agent-tools via npx and interactions with the inference.sh domain, both of which are official vendor resources.
[REMOTE_CODE_EXECUTION]: The skill's primary function is the remote execution of Python code. This is conducted within a sandbox environment and is the intended purpose of the skill.
[PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because it executes code provided via input parameters.
Ingestion points: Untrusted code enters through the code field in the input JSON schema.
Boundary markers: There are no explicit delimiters or instructions within the skill definition to prevent the model from obeying instructions embedded in the provided code.
Capability inventory: The execution environment includes full network access (via requests, httpx), file system access within the sandbox, and 100+ powerful libraries for data and file manipulation.
Sanitization: No sanitization or validation of the input Python code is performed by the skill itself, relying instead on the remote environment's sandbox for security.

python-executor