openhands-api
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill facilitates interaction with 'https://app.all-hands.dev', which is the official domain for OpenHands. This is documented and consistent with the vendor's own infrastructure.
- [SAFE]: The implementation handles authentication securely by retrieving the API key from environment variables or constructor parameters rather than using hardcoded secrets.
- [PROMPT_INJECTION]: A surface for indirect prompt injection exists in 'scripts/openhands_api.py' and 'scripts/openhands_api.ts' where local file content is ingested via the 'create_conversation_from_prompt_files' method. This input is used to construct the initial message for an OpenHands conversation.
  - Ingestion points: Local file system access via the 'prompt_file' parameter in the Python and TypeScript clients.
  - Boundary markers: The skill does not implement boundary markers to separate file content from the surrounding prompt context.
  - Capability inventory: The skill includes functions for full conversation management, including message addition and file list retrieval via the OpenHands API.
  - Sanitization: Content read from files is included in the API request without sanitization or validation.