python-executor
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Tags: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The primary purpose of the skill is to execute arbitrary Python code on a remote infrastructure via the infsh CLI. The code is sent as a JSON payload to the inference.sh service.
- [COMMAND_EXECUTION]: The skill requires access to the Bash tool to run the infsh command-line utility for logging in and running applications.
- [EXTERNAL_DOWNLOADS]: The documentation points to external installation scripts for the CLI hosted on GitHub (raw.githubusercontent.com/inference-sh/skills/refs/heads/main/cli-install.md).
- [PROMPT_INJECTION]: The skill facilitates indirect prompt injection risks through its web scraping and data processing capabilities.
  - Ingestion points: The skill explicitly supports fetching untrusted data from external websites using pre-installed libraries like requests, BeautifulSoup, Selenium, and Playwright (e.g., in the SKILL.md examples).
  - Boundary markers: There are no instructions or delimiters provided to help the agent distinguish between the execution results and potential malicious instructions embedded in scraped content.
  - Capability inventory: The skill possesses high-privilege capabilities including network access, file system writes (to the outputs/ directory), and arbitrary code execution.
  - Sanitization: The skill does not implement or require sanitization of the data retrieved from the web before it is incorporated into the agent's context.
Audit Metadata