python-executor
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's primary purpose is the execution of user-supplied Python code on remote infrastructure managed by inference.sh. This functionality is clearly disclosed and serves as the core utility of the skill.
- [COMMAND_EXECUTION]: The skill utilizes the 'belt' command-line utility to interact with the remote service, manage authentication, and run the Python execution environment.
- [EXTERNAL_DOWNLOADS]: The documentation references an external installation script for the 'belt' CLI tool located on the official inference-sh GitHub repository.
- [PROMPT_INJECTION]: The skill processes arbitrary Python code, which presents an attack surface for indirect prompt injection if the code to be executed is derived from untrusted third-party data.
  - Ingestion points: The 'code' property within the input JSON structure in SKILL.md.
  - Boundary markers: None present; the skill does not explicitly instruct the model to ignore potentially malicious content within the provided code string.
  - Capability inventory: The environment provides extensive capabilities including network requests (requests, httpx), data manipulation (pandas, numpy), and browser automation (selenium, playwright).
  - Sanitization: None described; the skill relies on the host's sandboxing (inference.sh) for security isolation.
Audit Metadata