javascript-sdk
Warn
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's documentation recommends installing an external CLI tool using the command
npx skills add belt-sh/cliinSKILL.md. This command triggers the download and installation of a remote skill from a source that is not listed as a trusted vendor. - [COMMAND_EXECUTION]: Multiple code examples in the reference documentation (
references/agent-patterns.mdandreferences/tool-builder.md) demonstrate the use of theeval()function to process input for a calculator tool (e.g.,result = eval(call.args.expression);). Usingeval()on data provided by an agent or user is a dangerous practice that can lead to arbitrary code execution if the input is not properly sanitized. - [COMMAND_EXECUTION]: The YAML frontmatter in
SKILL.mdrequests execution permissions for several high-privilege package managers and the Node.js runtime (npm,npx,node,pnpm,yarn). While these are necessary for the stated purpose of a JavaScript SDK, they grant the skill the capability to execute arbitrary commands and install third-party packages. - [REMOTE_CODE_EXECUTION]: The skill pattern for 'Internal Tools' in
references/agent-patterns.mdandreferences/tool-builder.mdenables acodeExecution(true)capability. If used in conjunction with untrusted inputs or insufficient human-in-the-loop oversight, this could allow an agent to execute malicious scripts on the host system.
Audit Metadata