javascript-sdk
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The documentation instructs users to install the
@inferencesh/sdkpackage from the npm registry. - [COMMAND_EXECUTION]: The skill describes an opt-in feature to enable code execution and web search capabilities within agents.
- [DATA_EXFILTRATION]: The SDK supports webhooks and file uploads for service integration, with examples provided in the references.
- [PROMPT_INJECTION]: The skill documents ingestion points for untrusted data combined with agent capabilities like network access. This creates a surface for indirect prompt injection, which the skill addresses via human-in-the-loop approval patterns.
- [REMOTE_CODE_EXECUTION]: A tutorial example demonstrates using
eval()to implement a calculator tool, showing a dynamic execution pattern for tool handlers.
Audit Metadata