api-gateway
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONNO_CODE
Full Analysis
- [DATA_EXFILTRATION]: The skill facilitates network communication with non-whitelisted domains. It directs the agent to make requests to
gateway.maton.ai,ctrl.maton.ai, andconnect.maton.ai. While these are the primary endpoints for the service, they are not on the list of trusted technology providers or whitelisted domains. - [PROMPT_INJECTION]: The skill presents an extensive surface for indirect prompt injection. It enables the agent to ingest and process data from 100+ external APIs (e.g., Slack, GitHub, HubSpot, Notion) and perform complex operations on those platforms.
- Ingestion points: Response data from proxied API calls across 100+ services (documented in the
references/directory). - Capability inventory: Broad range of CRUD (Create, Read, Update, Delete) operations across various domains including storage, communication, and project management.
- Boundary markers: No explicit boundary markers or instructions to ignore embedded instructions in response data are provided in the gateway documentation.
- Sanitization: The documentation does not specify any sanitization or validation logic applied to data retrieved from external sources before it is processed by the agent.
- [NO_CODE]: No executable code or scripts are shipped directly with the skill. The files consist entirely of Markdown documentation, README files for API providers, and JSON schema files for MCP tools. The risk is derived from the instructions and the capabilities provided to the agent through the documentation.
Audit Metadata