skills/tul-sh/skills/javascript-sdk/Gen Agent Trust Hub

javascript-sdk

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE

EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [EXTERNAL_DOWNLOADS]: The documentation in SKILL.md and references/react-integration.md instructs users to download and install the @inferencesh/sdk package from the public NPM registry.
  • [COMMAND_EXECUTION]: Documentation in references/agent-patterns.md and references/tool-builder.md describes how to enable the SDK's built-in code execution capability for agents using the internalTools().codeExecution(true) method.
  • [DYNAMIC_EXECUTION]: Educational code examples in references/agent-patterns.md and references/tool-builder.md demonstrate the use of eval() to process mathematical expressions provided by an agent through a tool call.
  • [PROMPT_INJECTION]: The skill architecture handles untrusted user input via the agent.sendMessage function, as documented in SKILL.md and references/react-integration.md. Ingestion points include direct user messages and file attachments. Capability inventory for agents includes tool execution (e.g., the delete_file example in references/agent-patterns.md), server-side code execution, and network operations via webhook tools. The provided examples do not explicitly demonstrate boundary markers or sanitization for input data.

Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 08:26 AM