python-sdk
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The documentation describes enabling internal code execution capabilities (`code_execution(True)`) for AI agents. This allows the agent to generate and execute its own code to complete tasks, which poses a security risk if the agent processes untrusted inputs.
- [REMOTE_CODE_EXECUTION]: Documentation examples in `references/tool-builder.md` demonstrate the use of the `eval()` function to handle mathematical expressions within tool handlers. This is an unsafe programming practice that allows for arbitrary code execution if the agent is manipulated into generating a malicious payload.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the `inferencesh` Python package and references other libraries such as `requests`, `aiohttp`, and `fastapi` for various integration and processing patterns.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8).
  - Ingestion points: Agents can ingest untrusted data through local file uploads (`client.upload_file`), file attachments in messages, and results from external search tools.
  - Boundary markers: There are no instructions for using delimiters or warnings to ignore embedded commands when the agent processes external data.
  - Capability inventory: The SDK provides powerful tools including internal code execution, network access via webhooks, and file system management.
  - Sanitization: No sanitization or validation techniques are demonstrated before processing untrusted content or executing tool calls based on agent output.
Audit Metadata