agentica-server
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The document contains the phrase 'CRITICAL: Use ACTUAL tools' within an anti-hallucination prompt. This is a standard steering instruction for agents and does not attempt to bypass safety filters or override core system constraints.
- Indirect Prompt Injection (LOW): The skill configures an agent architecture that processes LLM output and has access to 'Bash' and 'Read' tools, creating an inherent surface for indirect prompt injection common to agent frameworks.
- Ingestion points: The claude_proxy.py script and agent scripts ingest data from external LLM responses.
- Boundary markers: No specific boundary markers or delimiters are defined in the provided setup instructions.
- Capability inventory: The skill explicitly allows 'Bash' and 'Read' tools in its YAML metadata.
- Sanitization: No sanitization or validation logic is mentioned for the data passed between the proxy and the SDK.
- Command Execution (SAFE): The provided commands use 'uv' for local script execution and 'curl' for localhost health checks. These are routine operations for a developer setup and do not involve remote code execution or suspicious piped commands.
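What the two unaddressed items above (boundary markers around ingested LLM output, and validation of what reaches the Bash tool) could look like, as an added example. This is not code from the agentica-server skill or from its claude_proxy.py; the marker format, the `BASH:` line convention for tool calls, the injection phrase list and the allowlist rules are assumptions chosen for illustration.

```python
import re
import shlex

# Hypothetical helpers, not part of the audited skill. They show the two
# controls the audit found missing: nonce-bound boundary markers around LLM
# output, and an allowlist gate on Bash tool calls before they execute.

INJECTION_PATTERNS = re.compile(
    r"ignore (?:all|any|the) (?:previous|prior|above) instructions"
    r"|disregard (?:your|the) (?:system prompt|instructions)"
    r"|you are now (?:in )?(?:developer|admin) mode",
    re.IGNORECASE,
)


def wrap_untrusted(text: str, source: str, nonce: str) -> str:
    """Wrap untrusted text in delimiters bound to a per-message nonce.

    The caller supplies a fresh nonce (e.g. secrets.token_hex(8)), so the
    payload cannot forge a matching close marker; any '<<' inside the payload
    is also split so it cannot look like a marker at all.
    """
    body = text.replace("<<", "< <")
    return (
        f"<<UNTRUSTED source={source} nonce={nonce}>>\n"
        f"{body}\n"
        f"<<END_UNTRUSTED nonce={nonce}>>"
    )


def flag_injection(text: str) -> list[str]:
    """Return instruction-like phrases found in untrusted text (weak signal)."""
    return [m.group(0) for m in INJECTION_PATTERNS.finditer(text)]


def _uv_ok(argv: list[str]) -> bool:
    # Only `uv run <script>` is expected by the setup instructions.
    return len(argv) >= 3 and argv[1] == "run"


def _curl_ok(argv: list[str]) -> bool:
    # Health checks go to localhost only; any other URL is rejected.
    for arg in argv[1:]:
        if "://" in arg and not arg.startswith(
            ("http://localhost", "http://127.0.0.1")
        ):
            return False
    return True


ALLOWED_BASH = {"uv": _uv_ok, "curl": _curl_ok}  # assumed allowlist


def check_bash(command: str) -> tuple[bool, str]:
    """Decide whether a Bash tool call may run. Returns (allowed, reason)."""
    # Metacharacters would let an allowed command chain into an arbitrary one.
    if re.search(r"[;&|`$<>\n]", command):
        return False, "shell metacharacters are not allowed"
    try:
        argv = shlex.split(command)
    except ValueError as exc:
        return False, f"unparseable command: {exc}"
    if not argv:
        return False, "empty command"
    rule = ALLOWED_BASH.get(argv[0])
    if rule is None:
        return False, f"{argv[0]!r} is not on the allowlist"
    if not rule(argv):
        return False, f"arguments to {argv[0]!r} were rejected"
    return True, "ok"


def gate_llm_output(llm_text: str, nonce: str) -> dict:
    """Process one LLM response at the proxy/SDK boundary.

    Returns the marked-up text for the next model turn, any injection-like
    phrases found, and a decision for each proposed Bash command. Assumed
    convention: lines starting with 'BASH: ' are tool calls.
    """
    commands = [
        line[len("BASH: "):].strip()
        for line in llm_text.splitlines()
        if line.startswith("BASH: ")
    ]
    return {
        "wrapped": wrap_untrusted(llm_text, "llm", nonce),
        "flags": flag_injection(llm_text),
        "decisions": {cmd: check_bash(cmd) for cmd in commands},
    }
```

The markers only help if the system prompt also tells the model to treat anything between them as data rather than instructions, and the phrase list is a low-confidence signal that will miss paraphrased attacks. The curl rule as written only constrains URLs; a production gate would also reject file-writing and file-reading flags such as `-o` and `-d @file`, since those turn a localhost health check into a data exfiltration or overwrite primitive.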
Audit Metadata