agents-ts

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The documentation requires the installation of several packages from the @livekit npm scope. Although this organization is not on the predefined trusted list, these dependencies are intrinsic to the skill's primary purpose of building LiveKit-based agents and are handled through standard package management.
  • [COMMAND_EXECUTION] (LOW): The skill demonstrates how to define function tools with 'execute' blocks. This allows for arbitrary code execution in response to AI decisions. The provided examples show safe use cases (e.g., weather lookups or lighting control), but this capability is a standard surface for potential misuse.
  • [PROMPT_INJECTION] (LOW): The skill processes untrusted user audio and text which could be used to manipulate agent behavior or tool execution.
  • Ingestion points: userInput in AgentSession.generateReply and realtime audio streams via LiveKit rooms.
  • Boundary markers: Examples use high-level system instructions but do not demonstrate the use of explicit delimiters to isolate user-provided content.
  • Capability inventory: Tools are shown capable of modifying state (light control) and performing API calls.
  • Sanitization: The documentation recommends the use of the zod library for parameter validation, which is a key mitigation against schema confusion and malicious input parameters.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:09 PM