python-executor
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Tags: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's primary purpose is to execute Python code provided by the agent in a remote sandboxed environment hosted by inference.sh. This is the intended functionality and is implemented via the service's official app platform.
- [EXTERNAL_DOWNLOADS]: The documentation references installation instructions for the CLI tool located on the official GitHub repository for the inference-sh organization (github.com/inference-sh). These are neutral references to vendor resources.
- [COMMAND_EXECUTION]: The skill utilizes the `infsh` command-line tool to run applications and manage sessions. Access is restricted to this specific tool through the platform's frontmatter configuration (`allowed-tools: Bash(infsh *)`).
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data exfiltration attempts were detected. The skill follows best practices by using a dedicated sandbox for code execution and limiting the available command surface.
- [SAFE]: Potential surface for indirect prompt injection exists because the skill can ingest and process data from external websites (e.g., via BeautifulSoup and requests).
  - Ingestion points: Data from external URLs enters the agent context through Python script outputs (SKILL.md).
  - Boundary markers: Not explicitly defined within the skill's instructions.
  - Capability inventory: The skill enables network operations and file output generation within its remote sandbox.
  - Sanitization: No specific sanitization of scraped content is implemented in the provided examples.
Audit Metadata