agenta

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [Indirect Prompt Injection] (LOW): The code examples for the summarize and generate functions show user-controlled data being inserted directly into prompts via f-strings. This is a common surface for indirect prompt injection.
    • Ingestion points: the text and style parameters of the summarize function (README.md).
    • Boundary markers: no delimiters or ignore-instruction guards are used to wrap user input.
    • Capability inventory: the assembled prompt is passed to ag.llm.complete for execution.
    • Sanitization: the snippets include no input validation or escaping logic.
  • [Unverifiable Dependencies & Remote Code Execution] (SAFE): The README references pip install agenta and a ghcr.io container image. Although the Agenta organization is not on the pre-defined trusted list, these sources are standard for open-source development, and no malicious download-and-execute patterns (such as curl piped to bash) were found.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 23, 2026, 02:46 AM