craftsman-agent-skills
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Scripts make POST requests to an external endpoint, https://agent.deepnlp.org/agent_router, to retrieve build instructions and inventory data.
- [CREDENTIALS_UNSAFE]: Multiple files (generate_lego_build_plan.py, generate_minecraft_build_plan.ts, etc.) contain a hardcoded demo API key, BETA_TEST_KEY_MARCH_2026, used as a fallback when environment variables are missing.
- [DATA_EXFILTRATION]: User-provided API keys retrieved from the DEEPNLP_ONEKEY_ROUTER_ACCESS environment variable are appended to the API URL as a query parameter (onekey=...). This practice is insecure because it can expose secrets in server logs, proxy history, or local command history.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the following surface:
  - Ingestion points: Untrusted data enters the agent via the --prompt and --ref-image-url arguments in the provided scripts.
  - Boundary markers: None identified; input is passed directly into the API payload without delimiters or warnings to ignore embedded instructions.
  - Capability inventory: The skill has network communication capabilities via standard libraries (urllib.request, fetch).
  - Sanitization: No validation or sanitization of the input strings or URLs is performed before transmission.
Audit Metadata