ontopo
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data exfiltration were detected. The skill interacts exclusively with the public Ontopo API to retrieve restaurant information.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it processes data from an external source (Ontopo API) such as restaurant descriptions and menus.
  - Ingestion points: Data enters the agent's context through API responses handled in scripts/ontopo-cli.py.
  - Boundary markers: No specific delimiters or safety instructions are used to separate API-retrieved content from the agent's instructions.
  - Capability inventory: The skill is capable of network communication via httpx but does not possess dangerous capabilities like file writing or arbitrary command execution.
  - Sanitization: The script outputs raw text from the API without specific sanitization. This risk is assessed as low and is inherent to the skill's primary function of information retrieval.
Audit Metadata