agents-crewai
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill guides users on building agents that ingest data from untrusted sources such as the web (via SerperDevTool) and PDF documents. This creates a vulnerability surface for indirect prompt injection.
  - Ingestion points: External data enters through `SerperDevTool` and `PDFSearchTool` in `references/troubleshooting.md`.
  - Boundary markers: The examples use `expected_output` and `description` to define task boundaries, but do not demonstrate explicit escaping or delimiter-based isolation for untrusted input.
  - Capability inventory: Agents possess network access and file-reading capabilities through their integrated tools.
  - Sanitization: The documentation encourages the use of Pydantic models for structured output, which provides data validation but does not fully mitigate instruction injection within the data.
- External Downloads (SAFE): The documentation references the installation of standard, well-known libraries including `crewai`, `pydantic`, and `crewai_tools` via standard package managers.
- Credentials Unsafe (SAFE): While the troubleshooting guide mentions API keys for services like OpenAI and Serper, it correctly suggests using environment variables and provides only placeholders (e.g., `sk-...`), with no actual secrets hardcoded in the files.
Audit Metadata