sandbox-service

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The service is designed to execute arbitrary Python, Shell, and Bash commands. This constitutes a high-risk capability sink.
  • REMOTE_CODE_EXECUTION (HIGH): The skill provides a direct interface for executing dynamically generated code strings. If the calling agent incorporates untrusted external data into the 'code' parameter, it leads to Remote Code Execution.
  • DATA_EXFILTRATION (MEDIUM): The 'trusted_mode' parameter explicitly allows the code to access the 'myagent_network' and call other internal service clients (e.g., EmbeddingServiceClient). This could be exploited to exfiltrate sensitive data from the internal network.
  • PROMPT_INJECTION (HIGH): There is a critical surface for Indirect Prompt Injection (Category 8). The skill lacks any internal sanitization or boundary markers for the code it executes. It relies entirely on the agent to prevent malicious instructions from being passed into the 'code' variable.
  • PRIVILEGE_ESCALATION (MEDIUM): The 'trusted_mode' serves as a privilege escalation toggle, moving the execution environment from a restricted, isolated sandbox to a network-connected environment with access to other service APIs.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 03:34 AM