t2000-engine

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation specifies the installation of the @t2000/engine package from the NPM registry as a requirement.
  • [PROMPT_INJECTION]: The skill provides an interface for agents to process user instructions and execute financial tools, which creates a potential surface for indirect prompt injection.
      • Ingestion points: Untrusted user input enters the agent context through the engine.submitMessage(prompt) method in SKILL.md.
      • Boundary markers: The documentation does not specify the use of delimiters (e.g., XML tags or triple quotes) to separate user content from system instructions.
      • Capability inventory: The engine exposes a variety of tools across SKILL.md, including financial write operations like withdraw and send_transfer, as well as MCP integration capabilities.
      • Sanitization: The framework incorporates the zod library for strict input schema validation and defines a tiered permission system (auto, confirm, explicit) to ensure sensitive operations require user or client-side confirmation.
  • [SAFE]: The code examples demonstrate secure management of sensitive credentials by using environment variables (process.env.ANTHROPIC_API_KEY, process.env.T2000_PIN) instead of hardcoding values.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 08:03 AM