javascript-sdk
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists entirely of technical documentation and code samples for the @inferencesh/sdk NPM package, which is an official resource from the author. No malicious payloads or unauthorized activities were detected.
- [DATA_EXFILTRATION]: The documentation promotes security best practices by recommending the use of server-side proxies and environment variables for managing API keys, preventing their exposure in client-side code.
- [REMOTE_CODE_EXECUTION]: While code examples illustrating tool implementation (such as a calculator using eval()) are provided for developer guidance, these are illustrative and do not represent malicious execution within the skill itself.
- [SAFE]: Human-in-the-loop patterns are explicitly documented, showing developers how to implement approval steps for sensitive tool operations like file deletion.
Audit Metadata