agent-sandbox
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests user-provided requirements and code to be executed in a sandbox, which is a classic injection surface.
  1. Ingestion points: Requirements analysis and code execution parameters in mcp__flow-nexus__sandbox_execute.
  2. Boundary markers: None specified to distinguish data from instructions.
  3. Capability inventory: Includes code execution, package installation, and file uploads.
  4. Sanitization: No sanitization or validation logic is mentioned.
- [Dynamic Execution] (LOW): The skill provides tools for arbitrary code execution and package installation via E2B sandboxes. While isolated, these are high-privilege capabilities and are documented here as part of the core functionality.
Audit Metadata