Skills
skills/existential-birds/beagle/deepagents-implementation/Gen Agent Trust Hub

deepagents-implementation

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The patterns describe agents that ingest untrusted data from the web (web_search) and files (read_file) while possessing the capability to execute shell commands (execute) and modify files (write_file, edit_file). Evidence: 1. Ingestion points: web_search in patterns.md and read_file in tools.md. 2. Boundary markers: Absent in system prompts. 3. Capability inventory: execute, write_file, edit_file, and task in tools.md. 4. Sanitization: No sanitization or validation of external content is mentioned.
  • [Command Execution] (HIGH): The execute tool explicitly enables shell command execution. The FilesystemBackend example in patterns.md points to a local user directory (/Users/dev/project), which could lead to host compromise if the agent is manipulated via prompt injection.
  • [Data Exposure & Exfiltration] (MEDIUM): The filesystem tools (ls, read_file, grep) allow access to absolute paths. Without strict sandboxing or path validation beyond the root_dir, this creates a risk of exposing sensitive system files or credentials if the agent is misconfigured.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 10:30 PM