claude-api
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data exfiltration techniques were detected in the provided skill files.
- [EXTERNAL_DOWNLOADS]: Documents the installation of official SDK packages from standard registries such as PyPI and npm, and references documentation from trusted GitHub repositories under the 'anthropics' organization.
- [COMMAND_EXECUTION]: Provides guidance on using the Agent SDK 'Bash' tool for terminal interaction and running MCP servers via 'npx' within a controlled agentic framework.
- [PROMPT_INJECTION]: The skill describes capabilities (Read, Edit, Bash) that process external data, identifying a potential surface for indirect prompt injection. Evidence Chain: 1. Ingestion points: Workspace files and user prompts processed by agents (agent-sdk/README.md); 2. Boundary markers: Not applicable for static documentation; 3. Capability inventory: File system access and shell command execution (agent-sdk/README.md); 4. Sanitization: Implementation examples rely on the Agent SDK's built-in permission systems and human-in-the-loop oversight.
Audit Metadata