ts-agent-sdk
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS)
Full Analysis
- COMMAND_EXECUTION (HIGH): The template file 'templates/db/client.ts' uses 'child_process.execSync' to execute shell commands via the Wrangler CLI for local database operations.
- Evidence: 'execSync(`npx wrangler d1 execute ${dbName} --local --json --command=\'${finalSql}\'`, ...)'
- Risk: The 'dbName' variable, which is sourced from environment variables like 'SDK_D1_DATABASE_NAME', is interpolated directly into the backticked command string without shell escaping. An attacker who can influence this environment variable could achieve arbitrary command injection on the system running the generated SDK scripts.
- DATA_EXFILTRATION (MEDIUM): The generated SDK provides a powerful toolkit that combines direct database access with multiple network egress points to external APIs.
- Evidence: Integration of 'templates/db/client.ts' (database querying) with 'templates/api/gemini.ts', 'templates/api/slack.ts', and 'templates/api/webhook.ts' (external communication).
- Risk: This combination provides a ready-made path for querying sensitive data and transmitting it to external servers, which could be exploited for data exfiltration if the agent is tricked into creating malicious scripts.
- EXTERNAL_DOWNLOADS (LOW): The generated SDK and its examples rely on 'npx' to download and execute packages from the npm registry at runtime.
- Evidence: 'templates/db/client.ts' invokes 'npx wrangler', and 'SKILL.md' examples invoke 'npx tsx'.
- Risk: This introduces a runtime dependency on external code from the npm registry, which poses risks related to package availability and potential supply chain compromise, although these are common developer tools.
Recommendations
- AI detected serious security threats
Audit Metadata