python-executor
Warn
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The primary function of the skill is to execute arbitrary Python code provided as a string in the input payload. This code is executed in a remote environment via the `infsh` platform. While described as a sandboxed environment, this capability allows the agent to run arbitrary logic outside of the local system's constraints.
- [COMMAND_EXECUTION]: The skill configuration grants the agent permission to execute the `infsh` CLI tool using the `allowed-tools: Bash(infsh *)` directive. This provides a direct interface for the agent to send code to a third-party service.
- [DATA_EXFILTRATION]: The remote Python execution environment is pre-configured with numerous network-capable libraries, including `requests`, `httpx`, `aiohttp`, `selenium`, and `playwright`. This enables the execution of arbitrary network requests to external domains, which could be used to exfiltrate sensitive data if the agent has access to it.
- [EXTERNAL_DOWNLOADS]: The skill references an external URL (https://raw.githubusercontent.com/inference-sh/skills/refs/heads/main/cli-install.md) for CLI installation instructions. While this is a documentation link, it directs the user to fetch and install software from a third-party source not listed as a trusted vendor.