agents-sdk
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [Remote Code Execution / Dynamic Execution] (HIGH): The 'Code Mode' functionality described in 'references/codemode.md' enables the generation and execution of JavaScript at runtime based on LLM output. This is a significant security risk as it allows for arbitrary logic execution within the Worker context if the model is successfully manipulated.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted external data through the email handling interface ('references/email.md'). Ingestion points: the 'onEmail' method receives raw email content. Boundary markers: none present in the examples. Capability inventory: includes SQL access, network fetch, and code execution. Sanitization: the examples show raw email text being added to state and passed to the LLM without filtering.
- [External Downloads] (LOW): The SDK relies on several npm packages from Cloudflare and Vercel. These are trusted sources according to the [TRUST-SCOPE-RULE], though they remain external dependencies.
- [False Positive Alert] (SAFE): The automated scan alert for 'this.ca' is a false positive caused by the 'this.cancelSchedule' method name being misinterpreted as a Canadian domain.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata