javascript-sdk
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists entirely of documentation and instructional content for the @inferencesh/sdk. It does not contain any executable logic or scripts that could perform malicious actions.
- [SAFE]: The documentation actively promotes secure architecture patterns, such as implementing server proxies in Next.js or Express to avoid exposing INFERENCE_API_KEY in the browser.
- [SAFE]: The skill provides explicit guidance on implementing human-in-the-loop security (requireApproval) for sensitive tools like file deletion or external notifications.
- [SAFE]: All external dependencies (e.g., @inferencesh/sdk) and referenced repositories belong to the verified vendor ecosystem (inference-sh) and follow legitimate naming conventions.
- [SAFE]: No obfuscation, data exfiltration, or unauthorized remote code execution patterns were detected within the documentation's code snippets.
Audit Metadata