javascript-sdk
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requests permission to execute shell commands via `npm`, `yarn`, `pnpm`, and `node`. This access is necessary to install the SDK and execute scripts as part of the development workflow described in the documentation.
- [EXTERNAL_DOWNLOADS]: The skill references the `@inferencesh/sdk` package on the npm registry. This is a vendor-owned resource corresponding to the skill's author (inference-sh-9).
- [REMOTE_CODE_EXECUTION]: Reference materials describe a `codeExecution` feature that allows agents to run code dynamically. This is presented as an internal tool within the inference.sh platform ecosystem.
- [COMMAND_EXECUTION]: Documentation in `references/tool-builder.md` includes a code snippet using `eval()` to process mathematical expressions. While provided as a simple example, `eval()` can lead to arbitrary code execution if used with unvalidated inputs.
- [PROMPT_INJECTION]: The skill documents building agents that ingest untrusted data from tool outputs and user messages, representing an indirect prompt injection surface.
  - Ingestion points: Data enters via `agent.sendMessage` and `agent.submitToolResult` in `references/tool-builder.md` and `references/agent-patterns.md`.
  - Boundary markers: Examples demonstrate interpolation of content without specific instruction-isolation delimiters.
  - Capability inventory: The skill enables shell command execution, file system access, and web search capabilities.
  - Sanitization: No explicit content validation or sanitization logic is shown in the provided implementation examples.
Audit Metadata