Skills
skills/302ai/302ai-api-integration-skill/302ai-api-integration/Gen Agent Trust Hub

302ai-api-integration

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [Indirect Prompt Injection] (MEDIUM): The skill ingests untrusted external data which could contain malicious instructions. * Ingestion points: scripts/parse_api_list.py fetches content from https://doc.302.ai/llms.txt. * Boundary markers: Absent. * Capability inventory: The agent uses this data to recommend APIs and generate source code for the user, which could be influenced by malicious content in the fetched list. * Sanitization: Limited to basic regex parsing in parse_llms_txt.
  • [Data Exposure & Exfiltration] (LOW): The skill performs network operations to an external domain (doc.302.ai) which is not on the trusted sources list. Evidence: requests.get in scripts/parse_api_list.py.
  • [Unverifiable Dependencies] (LOW): The skill relies on the requests library for Python as documented in references/parse_script_usage.md.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 09:56 AM