javascript-sdk
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists entirely of Markdown documentation and instructional code snippets. It contains no executable scripts, installers, or binary files that could pose a threat to the host environment.
- [SAFE]: All external references, including the 'inference.sh' domain and the '@inferencesh/sdk' npm package, are verified resources belonging to the official vendor.
- [SAFE]: The skill promotes secure authentication practices, explicitly instructing users to manage API keys via environment variables or server-side proxies rather than exposing them in frontend code.
- [COMMAND_EXECUTION]: Documentation examples for tool handlers (e.g., in
references/tool-builder.md) demonstrate the use of theeval()function to implement a calculator tool. While this is an instructional pattern for library users and not a malicious script within the skill itself, it represents a dynamic execution risk if adopted into a user's code without strict input validation. - [SAFE]: The skill includes documentation for implementing human-in-the-loop approval workflows, which is a key security measure for agents performing sensitive operations.
Audit Metadata