python-executor

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [Remote Code Execution] (CRITICAL): The 'Quick Start' instructions recommend running curl -fsSL https://cli.inference.sh | sh. This pattern executes code from an untrusted external domain directly in the host shell without verification, allowing the source to gain full control of the environment.
  • [Indirect Prompt Injection] (HIGH): The skill functions by executing Python code provided in the code input field. Since this field is intended to be populated by the agent based on untrusted external data (like web content or user requests), it is highly susceptible to indirect prompt injection where an attacker can force the execution of malicious Python logic.
      ◦ Ingestion points: code parameter in the input schema.
      ◦ Boundary markers: Absent; instructions are interpolated directly into the execution context.
      ◦ Capability inventory: Full Python 3.10 environment with network access (requests, httpx), file writing, and browser automation (playwright, selenium).
      ◦ Sanitization: None provided; the skill is designed for arbitrary execution.
  • [Command Execution] (HIGH): The skill uses allowed-tools: Bash(infsh *), which grants the AI agent the capability to run any subcommand of the infsh utility. Given that infsh is installed via the untrusted RCE method mentioned above, this constitutes a significant security risk.
  • [Data Exfiltration] (MEDIUM): The execution environment includes libraries for network communication (requests, aiohttp, scrapy) and browser automation. These can be leveraged to exfiltrate sensitive data or tokens from the environment to external domains if the generated Python script is influenced by a malicious prompt.
Recommendations
  • CRITICAL: Downloads and executes remote code from untrusted source(s): https://cli.inference.sh - DO NOT USE
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 16, 2026, 05:33 AM