Skills
skills/jeremylongshore/claude-code-plugins-plus-skills/anth-sdk-patterns/Gen Agent Trust Hub

anth-sdk-patterns

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill provides code templates that interpolate untrusted data directly into API calls, creating a surface for indirect prompt injection.
  • Ingestion points: External data enters the context via the prompt argument in ClaudeService.complete (SKILL.md), the user_message argument in Conversation.say (SKILL.md), and the text and schema_description arguments in extract_structured (SKILL.md).
  • Boundary markers: No delimiters or specific instructions to ignore embedded commands are used to isolate user-provided content from the system instructions.
  • Capability inventory: The provided snippets are limited to network operations with the Anthropic API and do not include file system access or subprocess execution capabilities.
  • Sanitization: No input validation, escaping, or filtering of external content is included in the provided code examples.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 11:06 PM
Security Audit — agent-trust-hub — anth-sdk-patterns