javascript-sdk
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists of documentation and code examples for the @inferencesh/sdk. All external resources and package references originate from the verified vendor scope.\n- [PROMPT_INJECTION]: The skill documents patterns where agents ingest untrusted data from users (agent.sendMessage) and external tools (tavily/search-assistant in references/agent-patterns.md). These agents are shown with capabilities such as code execution and network operations. Developers should implement sanitization and boundary markers when building such agents.\n
- Ingestion points: agent.sendMessage in SKILL.md and references/agent-patterns.md; search results from tavily/search-assistant in references/agent-patterns.md.\n
- Boundary markers: Not explicitly defined in the provided examples.\n
- Capability inventory: internalTools().codeExecution(true), webhookTool, and client.uploadFile documented in SKILL.md and references/tool-builder.md.\n
- Sanitization: Examples focus on functionality and do not explicitly show input validation or sanitization logic.\n- [REMOTE_CODE_EXECUTION]: Documentation provides code examples for a calculator tool using eval() to process mathematical expressions from tool arguments (found in references/agent-patterns.md and references/tool-builder.md). While appropriate for the context of a calculator example, users should be cautious of executing arbitrary code from tool inputs in production.
Audit Metadata