hosted-agents
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
Flags: NO_CODE, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill is a documentation-only resource providing conceptual guidance for hosted agent infrastructure without any executable scripts or code.
- [EXTERNAL_DOWNLOADS]: References official documentation from well-known technology providers such as Cloudflare (Durable Objects) and Modal (Sandboxes) for infrastructure implementation guidance.
- [EXTERNAL_DOWNLOADS]: References the official GitHub repository for SST's OpenCode project as an architectural example for server-first agent frameworks.
- [DATA_EXFILTRATION]: Discusses best practices for managing GitHub authentication tokens, including the use of scoped GitHub App installation tokens and session-specific isolation to prevent credential misuse.
- [PROMPT_INJECTION]: Identifies potential indirect prompt injection surfaces where agents ingest data from Slack, browser extensions, or source code repositories.
  - Ingestion points: Processes external data from Slack threads, browser DOM/React internals, and cloned git repositories (SKILL.md).
  - Boundary markers: Absent from the provided architectural overview.
  - Capability inventory: Filesystem operations, sandboxed command execution, and GitHub API interactions for PR creation (SKILL.md).
  - Sanitization: Proposes a plugin-based framework to conditionally monitor, block, or modify agent tool calls (SKILL.md).
Audit Metadata