agent-builder-vercel-sdk

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE (flagged category: PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill implements an agentic pattern that processes untrusted user input and allows multi-step tool execution, creating a surface for indirect prompt injection.
  • Ingestion points: Untrusted user messages are ingested directly from the request body (req.json()) in the chat route handler in app/api/chat/route.ts.
  • Boundary markers: The prompt templates use no explicit delimiters (such as triple quotes or XML tags) and no system instructions to separate user content from system instructions or to discourage the model from obeying instructions contained within user messages.
  • Capability inventory: The system is configured with tool-calling capabilities (including generateImage, generateAvatar, and combineImages) and is allowed up to 5 steps of autonomous execution (maxSteps: 5), which may include network requests via fetch.
  • Sanitization: The provided code snippets do not implement input validation, escaping, or filtering of external content before it is passed to the AI provider.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:31 PM