agent-sandbox
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill is designed specifically to manage remote code execution workflows using the E2B sandbox service. It provides tools to create environments, execute code, and manage file lifecycles.
- [COMMAND_EXECUTION]: The tool
mcp__flow-nexus__sandbox_executeallows the agent to run arbitrary code in multiple languages (Node.js, Python, etc.) within the created sandboxes. - [EXTERNAL_DOWNLOADS]: The skill supports the dynamic installation of packages from external registries (e.g., npm, pip) as part of the sandbox configuration process, specifically via the
install_packagesparameter. - [PROMPT_INJECTION]: The skill manages a significant attack surface for indirect prompt injection because it ingests and executes data from untrusted sources.
- Ingestion points: Data enters the agent's context through the
codeparameter in execution calls and thecontentparameter in file upload calls. - Boundary markers: The provided instructions do not include specific delimiters or warnings to ignore instructions embedded within the code or files being processed.
- Capability inventory: The skill possesses the ability to execute code, install software, and perform network operations within the isolated sandbox environment.
- Sanitization: There is no evidence of input validation or sanitization for the code snippets or file contents handled by the tools.
Audit Metadata