modal
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: Documentation examples demonstrate patterns for exposing sensitive local files and directory structures to remote cloud environments.
  - Evidence: `references/images.md` provides an example for mounting the `~/.aws` credentials directory into a container image via `.add_local_dir("/user/erikbern/.aws", ...)`.
  - Evidence: `references/web-endpoints.md` demonstrates an example of serving the root directory (`/`) of a remote container via an unauthenticated web server using `python -m http.server -d /`.
- [COMMAND_EXECUTION]: The skill facilitates the execution of arbitrary Python code and shell commands on remote infrastructure as a core feature.
  - Evidence: Use of `@app.function`, `modal run`, and `subprocess.Popen` in examples throughout the skill documentation and reference files.
- [PROMPT_INJECTION]: The skill provides patterns for building public web endpoints that ingest untrusted data, serving as a surface for indirect prompt injection.
  - Ingestion points: Web endpoints defined in `references/web-endpoints.md` (e.g., `@modal.fastapi_endpoint()` processing `data: dict`).
  - Boundary markers: Examples do not utilize delimiters or specific instructions to isolate data from processing commands.
  - Capability inventory: The skill documents extensive capabilities including remote code execution, persistent volume writes, and network operations.
  - Sanitization: Provided examples do not demonstrate validation, escaping, or filtering of data received from external API requests.
Audit Metadata