code-sandbox
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes the docker command-line interface via asyncio.create_subprocess_exec to execute code in an isolated environment.
- [EXTERNAL_DOWNLOADS]: The skill allows for the installation of third-party Python packages using pip within the sandbox to meet script requirements.
- [REMOTE_CODE_EXECUTION]: The skill executes arbitrary code provided as string input, which is the intended behavior of a code interpreter tool, mitigated by sandboxing.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection as it executes untrusted data.
  1. Ingestion points: code and files arguments in the sandbox execution functions.
  2. Boundary markers: No delimiters or ignore instructions are used for the input code.
  3. Capability inventory: Spawns Docker subprocesses with restricted CPU/memory and mounted temporary directories.
  4. Sanitization: Relies on container-based isolation rather than input filtering.
Audit Metadata