modal-knowledge
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Tags: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- Dynamic Execution (LOW): The documentation in 'references/sandboxes-code-execution.md' demonstrates how to execute arbitrary Python strings using 'modal.Sandbox'. While presented as a secure feature for running untrusted code, this represents a dynamic execution capability. Severity is lowered because the examples explicitly include security mitigations like 'block_network=True' and gVisor isolation.
- Unverifiable Dependencies & Remote Code Execution (LOW): Multiple files describe using 'pip_install' to download external packages such as 'torch', 'transformers', and 'fastapi'. These are standard, well-known libraries in ML development, and the risk is considered low in the context of documented platform behavior.
- Indirect Prompt Injection (LOW): The provided 'Code Playground' example creates an indirect prompt injection surface where untrusted user input is directly executed.
- Ingestion points: The 'code' parameter in the 'execute_user_code' and 'CodeExecutor.execute' functions within 'references/sandboxes-code-execution.md'.
- Boundary markers: The documentation recommends using 'block_network=True', 'timeout', and resource limits (CPU/memory) to mitigate malicious actions.
- Capability inventory: The sandbox provides access to subprocess execution ('sb.exec') and filesystem operations ('sb.fs').
- Sanitization: No input sanitization is performed on the 'code' string; the platform relies on environment-level sandboxing for security.
Audit Metadata