python-executor
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requests permission to execute the
infsh(inference.sh) command-line tool. This allows the agent to interact with remote infrastructure and manage remote applications. - [REMOTE_CODE_EXECUTION]: The core functionality is to run arbitrary Python scripts provided as strings. The execution environment includes network access and a wide array of libraries (e.g., requests, Selenium, Playwright), which could be misused to perform unauthorized network operations or interact with external services if the input code is malicious.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
- Ingestion points: The
codefield in the input schema accepts raw Python strings generated or retrieved by the agent from potentially untrusted sources. - Boundary markers: There are no markers or validation rules defined to ensure the agent distinguishes between its own instructions and data retrieved from the web when constructing the Python code.
- Capability inventory: The execution environment allows for subprocess execution, network requests, and file manipulation within the remote container.
- Sanitization: The skill does not provide any mechanisms to sanitize or validate the Python code before it is sent to the executor.
Audit Metadata