uptime-monitoring
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEDATA_EXFILTRATION
Full Analysis
- [Data Exposure & Exfiltration] (LOW): The skill implements network request capabilities using axios and fetch. While standard for health monitoring, these operations target non-whitelisted domains like api.example.com and user-provided endpoint URLs, creating a low-risk network exposure.
- [Indirect Prompt Injection] (LOW): The skill contains an indirect injection surface through its monitoring capability. (1) Ingestion points: The endpoint.url property in the UptimeMonitor class and records fetched from the uptime_checks database table. (2) Boundary markers: No delimiters or instructions to ignore embedded content are used. (3) Capability inventory: The skill performs network GET requests (axios.get, fetch) and database writes (db.query). (4) Sanitization: No URL validation or allow-listing is present to prevent targeting sensitive internal resources.
Audit Metadata