together-code-sandbox
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions specify the installation of the '@codesandbox/sdk' NPM package and the use of 'npx' CLI tools. These are official, verified resources provided by CodeSandbox, a well-known and trusted technology company.
- [COMMAND_EXECUTION]: The skill provides a primary function to execute arbitrary shell commands within a remote virtual machine (e.g., via 'session.commands.run'). This is the core intended purpose of the sandbox environment.
- [REMOTE_CODE_EXECUTION]: The skill is designed to facilitate the creation and management of remote compute environments for code execution. This behavior is authorized and managed through an official third-party SDK.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to its broad capabilities.
  - Ingestion points: User-controlled code and data passed to 'session.commands.run' and 'fs.writeTextFile' as shown in 'SKILL.md'.
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the SDK examples.
  - Capability inventory: The environment provides full shell access, network connectivity, and filesystem persistence.
  - Sanitization: No input validation or content sanitization is described in the provided technical instructions.
Audit Metadata