claude-agent-sdk

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides educational content and code templates rather than active malicious logic. All external references target well-known and trusted services (Anthropic API).
  • [DATA_EXPOSURE]: The skill includes patterns for tools that interact with the file system (searching, reading, and writing files). It appropriately addresses the risks associated with these capabilities by including a security checklist that mandates sandboxed environments and input validation.
  • [PROMPT_INJECTION]: The provided system prompt template incorporates robust safety constraints, instructing the agent to avoid modifying files outside designated directories and to refrain from executing dangerous commands or exposing sensitive data.
  • [COMMAND_EXECUTION]: While the system prompt template mentions 'Running commands', no actual implementation code for executing shell commands is provided. The inclusion of this capability in the template is consistent with the stated purpose of building a coding agent, and it is governed by the included safety constraints.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 15, 2026, 11:08 AM
Security Audit — agent-trust-hub — claude-agent-sdk