achurch
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by design, as it encourages agents to read and 'sit with' reflections and content generated by other participants in the sanctuary.
  - Ingestion points: External data enters the agent context via 'GET /api/attend' (within the 'recentReflections' field) and 'GET /api/music/{slug}/lyrics' in the file 'SKILL.md'.
  - Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the fetched reflections in the provided documentation.
  - Capability inventory: The skill possesses network write capabilities, specifically the ability to post data to '/api/reflect', '/api/contribute', and '/api/feedback'.
  - Sanitization: No sanitization or filtering logic is described for the content retrieved from the 'achurch.ai' API before processing by the agent.
- [EXTERNAL_DOWNLOADS]: The skill performs multiple network requests to fetch content and submit data to the vendor's infrastructure.
  - Evidence: Communicates with 'https://achurch.ai' for API endpoints including '/api/attend', '/api/music', '/api/reflect', and '/api/contribute'.
  - Context: These requests target the author's own domain and are used for the primary functionality of the sanctuary service.