raison-sdk
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill instructs the installation of the raison npm package. Although this is the primary purpose of the skill, it involves an external dependency from a source outside the trusted list.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill defines a workflow where untrusted data (variables) is interpolated into LLM prompts. By design, the SDK disables escaping (noEscape: true), which is common for AI prompts but creates a surface for schema confusion or injection.
  - Ingestion points: raison.render(id, variables) accepts arbitrary data objects from the host application.
  - Boundary markers: The provided examples do not demonstrate the use of delimiters (like XML tags or brackets) to isolate user-provided variables within the prompt templates.
  - Capability inventory: The rendered output is explicitly intended to be used as system instructions for powerful LLMs such as Claude and GPT-4o, as shown in references/examples.md.
  - Sanitization: Documentation in references/sdk-reference.md confirms that HTML/special character escaping is disabled by default to maintain prompt integrity for LLMs.
- [DYNAMIC_EXECUTION] (SAFE): The SDK performs runtime compilation of Handlebars templates. This is the core functionality of the tool and is treated as safe in the context of a prompt management SDK.
Audit Metadata