baml
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill demonstrates how to ingest untrusted data into prompts. It includes evidence of boundary markers (e.g., '---') and explicit formatting instructions which help mitigate prompt confusion.
- Dynamic Execution (SAFE): The skill uses local code generation (via baml-cli) to create typed clients. This process is standard for DSL-based tools and does not involve runtime execution of untrusted remote scripts.
- Data Exposure (SAFE): Usage of environment variables for API keys is documented, which is a secure practice for managing LLM provider credentials.