kto-tourapi-korservice2
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: The skill contains only markdown files providing instructions, data mapping, and API references. It does not include any Python, Node.js, or shell scripts, eliminating the possibility of direct code-based attacks.
- [EXTERNAL_DOWNLOADS]: The skill references the official South Korean government Open Data portal at
apis.data.go.kr. As a well-known and legitimate service, this reference is considered safe. No other external downloads or untrusted remote resources are utilized. - [CREDENTIALS_UNSAFE]: There are no hardcoded API keys, secrets, or tokens. The instructions explicitly direct the AI agent to redact or mask the
serviceKeywhen outputting final request URLs to the user. - [PROMPT_INJECTION]: The instructions are focused on API workflow, parameter validation, and error handling. No malicious patterns such as instruction overrides, safety filter bypasses, or role-play jailbreaks were detected.
- [DATA_EXFILTRATION]: The skill does not perform any unauthorized data collection or exfiltration. It focuses on facilitating legitimate requests to a public tourism API.
Audit Metadata