building-adk-agents

Warn

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [DYNAMIC_EXECUTION]: The documentation provides implementation details and usage examples for an 'UnsafeLocalCodeExecutor'. This component uses the Python exec() function to execute code generated by the LLM within the same process as the application. While the documentation contains warnings against production use, it provides the code and configuration to enable this high-risk behavior.
      Evidence found in references/CODE-EXECUTION-AND-MODELS.md.
  • [COMMAND_EXECUTION]: The skill provides instructions for using ContainerCodeExecutor and MCPToolset, which involve executing system commands (such as docker, python, and node) and spawning subprocesses to manage agent environments and external tools.
      Evidence found in references/CODE-EXECUTION-AND-MODELS.md and references/AGENT-AND-TOOLS.md.
  • [PROMPT_INJECTION]: The skill describes patterns for building agents that ingest untrusted data from external sources, including web pages (load_web_page), corporate documents (RAG), and Slack messages. This creates a significant surface for indirect prompt injection, where malicious instructions embedded in processed data could influence agent behavior.
      Evidence found in references/RAG-AND-GROUNDING.md and references/UI-INTEGRATION.md.
  • [EXTERNAL_DOWNLOADS]: The skill's setup and integration guides reference the installation of various Python packages from external registries and GitHub. While many originate from trusted organizations (Google), the instructions include framework-specific dependencies such as ag_ui_adk from less established sources.
      Evidence found in INSTRUCTIONS.md and references/UI-INTEGRATION.md.
  • [DATA_EXFILTRATION]: Documentation for 'A2A' (Agent-to-Agent) tools and OpenAPI integrations provides code for tools that perform network operations (httpx, requests) to remote URLs. If an agent is manipulated into using these capabilities against unintended targets, it could be used for data exposure or SSRF attacks.
      Evidence found in references/MULTI-AGENT-AND-A2A.md and references/AGENT-AND-TOOLS.md.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 6, 2026, 02:12 PM