javascript-sdk

Warn

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The documentation in references/tool-builder.md repeatedly provides code examples (under 'Basic Handler' and 'Complete Example') that use the unsafe eval() function to process expression inputs from the AI agent. This pattern guides developers to create a Remote Code Execution (RCE) vulnerability where an attacker could execute arbitrary code on the host machine by manipulating the agent's output via prompt injection.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation and use of the @inferencesh/sdk package from the npm registry. It also recommends adding the belt-sh/cli skill using npx in the SKILL.md file.
  • [PROMPT_INJECTION]: The skill defines an architecture for agents that process untrusted data, creating an attack surface for indirect prompt injection.
  • Ingestion points: Data enters the agent context through agent.sendMessage() and outputs from tools like appTool or webhookTool as seen in references/agent-patterns.md and references/tool-builder.md.
  • Boundary markers: The provided code examples do not demonstrate the use of delimiters (e.g., XML tags or triple quotes) or 'ignore' instructions to isolate untrusted data during interpolation.
  • Capability inventory: Agents built with this SDK can execute local code (if enabled), access the file system via uploadFile, and perform network operations through the SDK or webhooks.
  • Sanitization: There is no evidence of input validation or output sanitization in the integration patterns provided.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 22, 2026, 04:46 PM