using-deepagents-sdk

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides comprehensive instructions for implementing the LocalShellBackend, which allows the agent to execute arbitrary shell commands on the host environment. The documentation explicitly warns that this feature should only be used in local development settings.
  • [PROMPT_INJECTION]: The instructions describe a framework that is susceptible to indirect prompt injection. The system is designed to ingest data from external sources (such as local files and subagent reports) and can process that data using high-privilege tools like shell execution.
      ◦ Ingestion points: Untrusted data enters the context via FilesystemBackend (reading files) and SubAgent tasks (processing external model outputs).
      ◦ Boundary markers: The documentation does not demonstrate the use of specific delimiters or 'ignore' instructions to separate untrusted data from the agent's core logic in the provided code snippets.
      ◦ Capability inventory: The framework supports high-impact capabilities including arbitrary shell execution (execute), file creation (write_file), and file modification (edit_file).
      ◦ Sanitization: The guide provides documentation for FilesystemPermission to restrict access to specific paths and interrupt_on to require human review before sensitive tool calls.
  • [SAFE]: The skill references legitimate developer tools and documentation hosted on well-known platforms such as langchain.com and agentskills.io.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 11, 2026, 07:23 AM