bx-ai-agents

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves as a documentation guide for developers to implement AI agents using the BoxLang aiAgent() built-in function.
  • [COMMAND_EXECUTION]: The documentation includes examples for defining agent tools that execute logic, such as database queries. The provided examples specifically demonstrate the use of parameterized queries (queryExecute) to mitigate SQL injection risks.
  • [CREDENTIALS_UNSAFE]: The skill demonstrates secure handling of sensitive information by showing how to retrieve API keys from environment variables (server.system.environment.MCP_API_KEY) rather than hardcoding them.
  • [INDIRECT_PROMPT_INJECTION]: The framework described is designed to process user-supplied input through the .run() method, which is a standard surface for indirect prompt injection.
      • Ingestion points: User input is ingested via agent.run() and agent.stream() methods as shown in SKILL.md.
      • Boundary markers: No specific delimiters or boundary markers are documented in the generic examples.
      • Capability inventory: Agents are shown to have capabilities including executing tool functions, querying databases, and connecting to Model Context Protocol (MCP) servers.
      • Sanitization: The skill includes a positive example of sanitization through the use of query parameters for database tools to prevent command-level injection.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 26, 2026, 02:16 PM