adk
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the 'adk' CLI tool (e.g.,
adk search,adk info,adk deploy) to assist with developer workflows. These operations are intended for project management and integration discovery within the Botpress platform. - [PROMPT_INJECTION]: The skill utilizes user-provided input to construct CLI commands, such as
adk search <query>. This creates a surface for indirect prompt injection where a user might attempt to inject additional shell commands. However, this functionality is associated with the primary purpose of the skill as a developer assistant. - Ingestion points: User-supplied queries for integration search and project information in
SKILL.md. - Boundary markers: No explicit delimiters or warnings to ignore embedded instructions are present in the command templates.
- Capability inventory: The skill utilizes the Bash tool for CLI execution, as well as Glob, Grep, and Read for searching and loading documentation files.
- Sanitization: No explicit sanitization logic or validation steps for user-supplied strings are included in the instructions.
- [EXTERNAL_DOWNLOADS]: The documentation references standard package managers (
npm,bun,pnpm,yarn) and commands likenpx skills addto manage development dependencies. These operations target well-known registries and official vendor repositories. - [CREDENTIALS_UNSAFE]: The skill follows security best practices by instructing users to store sensitive tokens (e.g.,
BOTPRESS_TOKEN,SLACK_BOT_TOKEN) in environment variables or.envfiles rather than hardcoding them into the agent configuration.
Audit Metadata