python-executor
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation provides an installation command
curl -fsSL https://cli.inference.sh | shwhich downloads and executes an arbitrary shell script from a remote domain. This source is not on the trusted vendors list and represents a significant security risk. - [EXTERNAL_DOWNLOADS]: The skill's installation process involves downloading a binary executable from
dist.inference.sh. This external resource is not verified within the skill's manifest and originates from a non-trusted domain. - [COMMAND_EXECUTION]: The skill utilizes the
infshcommand-line tool to execute logic. This capability allows the agent to run arbitrary code and interact with the underlying system or the remote sandboxed environment. - [PROMPT_INJECTION]: The skill is highly susceptible to indirect prompt injection because it executes Python code based on input that may contain instructions from untrusted sources.
- Ingestion points: The
codefield in the input JSON processes free-form text strings as executable code. - Boundary markers: There are no boundary markers or instructions to the LLM to ignore or sanitize embedded instructions within the code block.
- Capability inventory: The environment provided by
infshincludes extensive libraries for network access (requests, httpx, aiohttp), browser automation (selenium, playwright), and file manipulation, providing a powerful toolkit for potential attackers. - Sanitization: The skill does not perform any validation, sanitization, or safety checks on the Python code before passing it to the execution engine.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata