agentica-sdk
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The SDK documentation provides patterns for building agents that ingest untrusted string data and process it using tools such as Bash and Write.
  - Ingestion points: arguments to @agentic functions and prompt strings passed to agent.call() methods in SKILL.md.
  - Boundary markers: the examples lack explicit boundary markers or instructions to ignore commands embedded in user data.
  - Capability inventory: agents are shown using the Bash, Read, Write, and Edit tools.
  - Sanitization: no input sanitization or validation logic is presented in the SDK integration patterns.
- [COMMAND_EXECUTION]: The Model Context Protocol (MCP) integration section describes how to configure and execute shell commands to provide tool capabilities to the agent.
- [EXTERNAL_DOWNLOADS]: Examples illustrate fetching and running remote packages via npx during MCP tool initialization.
- [CREDENTIALS_UNSAFE]: Documentation patterns show passing sensitive tokens directly into SDK constructors. While placeholders are used, this promotes a pattern that can lead to hardcoded credentials in user implementations.
Audit Metadata