open-agent-sdk-typescript

Warn

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill documents and provides examples for tools that execute shell commands (Bash, BashSession). While intended for development tasks, this provides a direct path for command execution if the agent processes untrusted input without proper sanitization.
  • [DYNAMIC_EXECUTION]: An example calculator tool utilizes the Function() constructor to evaluate mathematical expressions. This pattern is equivalent to using eval() and can lead to arbitrary JavaScript execution if the input string is not strictly validated.
  • [EXTERNAL_DOWNLOADS]: The documentation demonstrates the integration of external Model Context Protocol (MCP) servers using npx (e.g., @modelcontextprotocol/server-filesystem). This involves downloading and executing third-party code from the NPM registry at runtime.
  • [PROMPT_INJECTION]: Multiple examples configure the agent with permissionMode: "bypassPermissions". This setting suppresses user confirmation prompts for sensitive operations like file deletion or shell execution, increasing the impact of potential prompt injection attacks.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 17, 2026, 11:57 AM