javascript-sdk
Warn
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The documentation in
references/tool-builder.mdrepeatedly provides code examples (under 'Basic Handler' and 'Complete Example') that use the unsafeeval()function to process expression inputs from the AI agent. This pattern guides developers to create a Remote Code Execution (RCE) vulnerability where an attacker could execute arbitrary code on the host machine by manipulating the agent's output via prompt injection. - [EXTERNAL_DOWNLOADS]: The skill facilitates the installation and use of the
@inferencesh/sdkpackage from the npm registry. It also recommends adding thebelt-sh/cliskill usingnpxin theSKILL.mdfile. - [PROMPT_INJECTION]: The skill defines an architecture for agents that process untrusted data, creating an attack surface for indirect prompt injection.
- Ingestion points: Data enters the agent context through
agent.sendMessage()and outputs from tools likeappToolorwebhookToolas seen inreferences/agent-patterns.mdandreferences/tool-builder.md. - Boundary markers: The provided code examples do not demonstrate the use of delimiters (e.g., XML tags or triple quotes) or 'ignore' instructions to isolate untrusted data during interpolation.
- Capability inventory: Agents built with this SDK can execute local code (if enabled), access the file system via
uploadFile, and perform network operations through the SDK or webhooks. - Sanitization: There is no evidence of input validation or output sanitization in the integration patterns provided.
Audit Metadata