# Unsafe Or Untrusted Code Inspection

Recommended profile: `workspace-core`

Smoke target:

```bash
make smoke-untrusted-inspection
```

Use this flow when the agent needs to inspect suspicious code or an unfamiliar
repo without granting more capabilities than necessary.

Canonical SDK flow:

```python
from pyro_mcp import Pyro

pyro = Pyro()
created = pyro.create_workspace(environment="debian:12", seed_path="./suspicious-repo")
workspace_id = str(created["workspace_id"])

pyro.list_workspace_files(workspace_id, path="/workspace", recursive=True)
pyro.read_workspace_file(workspace_id, "suspicious.sh")
pyro.exec_workspace(
    workspace_id,
    command="sh -lc \"grep -n 'curl' suspicious.sh > inspection-report.txt\"",
)
pyro.export_workspace(workspace_id, "inspection-report.txt", output_path="./inspection-report.txt")
pyro.delete_workspace(workspace_id)
```

This recipe stays offline-by-default, uses only explicit file reads and execs,
and exports only the inspection report the agent chose to materialize.