sandbox-sdk
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the @cloudflare/sandbox NPM package and the official cloudflare/sandbox container image from Docker Hub. These are trusted resources from a well-known organization.
- [COMMAND_EXECUTION]: The SDK provides a structured interface for executing shell commands and arbitrary scripts within isolated environments. This functionality is the primary intended purpose of the skill and uses standard sandboxing practices.
- [INDIRECT_PROMPT_INJECTION]: The skill facilitates the execution of code that may be generated by an AI, representing an indirect prompt injection surface.
  1. Ingestion points: Arguments passed to the runCode and exec methods as documented in SKILL.md.
  2. Boundary markers: No explicit boundary markers or safety instructions are defined in the provided snippets.
  3. Capability inventory: The sandbox environment supports command execution, file system manipulation, and port exposure.
  4. Sanitization: The implementation relies on the robust isolation provided by the Cloudflare Workers sandbox architecture rather than string-based sanitization.
Audit Metadata