agent-builder-vercel-sdk
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill implements a chat interface that processes untrusted messages from user requests and passes them to the LLM and tool-calling logic.
- Ingestion points: The `messages` array is ingested via `await req.json()` in the API route handler (`app/api/chat/route.ts`).
- Boundary markers: The system prompt is a simple string with no explicit delimiters or instructions to ignore embedded commands.
- Capability inventory: The skill enables significant capabilities through tool calling, including image generation (`generateImage`) and combining images, which could be targeted by adversarial input.
- Sanitization: No sanitization or validation of the input message content is shown before it is sent to the model provider.
- [Data Exposure] (LOW): The documentation includes a hardcoded local file path from the author's development environment, which constitutes a minor information leak.
- Evidence: Based on: /Users/danielcarreon/Documents/AI/software/tldraw-agent/.
Audit Metadata