cloudbase-agent-ts
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns or security threats were identified. The skill provides clear documentation and code examples for using vendor-supported SDKs and integrations.
- [PROMPT_INJECTION]: The SDK documentation describes a 'Client Tools' feature which constitutes an indirect prompt injection surface. Ingestion points: Tool definitions provided by clients in requests, which are processed in adapter-langgraph.md. Boundary markers: The SDK employs routing logic to identify and halt execution for client-defined tools on the server side, ensuring they are only processed by the client. Capability inventory: The server facilitates tool execution through standard Node.js and SDK-specific environments. Sanitization: The provided code examples do not include explicit sanitization of client-provided tool metadata, representing a surface for potential model-level deception.
Audit Metadata