sandbox-sdk
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @cloudflare/sandbox NPM package and utilize the official cloudflare/sandbox Docker image, which are components provided by a well-known service provider.
- [COMMAND_EXECUTION]: Implements code and shell command execution capabilities via sandbox.runCode() and sandbox.exec() within isolated containers, which is the stated purpose of the SDK.
- [DATA_EXFILTRATION]: Documents APIs for reading files from the sandbox and exposing ports for network service previews. These are documented neutrally as standard features of the environment.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection due to its core function of executing external code.
  1. Ingestion points: sandbox.runCode and sandbox.writeFile (SKILL.md).
  2. Boundary markers: Not present in the generic API examples.
  3. Capability inventory: Shell execution, code interpreter, file system access, and port exposure (SKILL.md).
  4. Sanitization: Not provided in basic usage snippets.
  This represents a known attack surface for any code-execution tool.
Audit Metadata