together-code-interpreter
Audited by Socket on Mar 4, 2026
1 alert found:
Security
This skill is a legitimate client and documentation for a remote code execution product (Together Code Interpreter). Its stated purpose (run Python code in sandboxed remote sessions, install packages, upload files, reuse sessions) matches the described capabilities. However, the very nature of remote arbitrary code execution, combined with runtime package installation and reusable sessions, creates high-impact security risks: credential exposure, data exfiltration, transitive supply-chain compromise via pip installs, and potential for autonomous abuse when used with agentic workflows. The documentation itself is not malicious, but using this skill to execute untrusted code or to forward sensitive credentials to the remote runtime is high risk. Operators should assume that any secret or sensitive data used in code executed on this service could be exfiltrated, and they should restrict package installs, review session handling, and limit automated agentic execution. No evidence of obfuscation or embedded malware was found in the documentation; the main risk is the powerful capabilities provided to run arbitrary code remotely.