open-agent-sdk

Warn

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: MEDIUM
Risk Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates the use of a Bash tool, granting the agent the capability to execute arbitrary shell commands on the host environment.
  • [DATA_EXFILTRATION]: By combining file-access tools (Read, Grep) with network-access tools (WebFetch, WebSearch), the skill provides a mechanism that could be used to read sensitive local data and transmit it to external endpoints.
  • [PROMPT_INJECTION]: The SDK exposes a surface for indirect prompt injection by design, as it enables agents to ingest untrusted content from the web or local files and then execute powerful system actions based on that data.
    • Ingestion points: External data is ingested through the Read, WebFetch, and WebSearch tools.
    • Boundary markers: Code examples do not demonstrate the use of delimiters or specific safety instructions to isolate untrusted content from the agent's core instruction set.
    • Capability inventory: The agent possesses high-impact tools including Bash, Write, Edit, and Agent (for spawning subagents).
    • Sanitization: While the skill mentions a canUseTool callback for custom permission logic, there is no default enforcement of data sanitization or input validation for external content.
  • [EXTERNAL_DOWNLOADS]: The skill requires downloading the core @shipany/open-agent-sdk library and additional Model Context Protocol (MCP) servers from the NPM registry.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 31, 2026, 11:47 PM