connekt-script-writer
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: All identified operations including network requests and local file interactions are consistent with the skill's stated purpose of facilitating HTTP client scripting and API automation. The documentation correctly encourages the use of environment variables for secrets rather than hardcoding.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes untrusted data from external API responses. 1. Ingestion points: External data ingested via decode, jsonPath, and response body reading in SKILL.md. 2. Boundary markers: No delimiters or boundary markers are established to isolate untrusted data from instructions. 3. Capability inventory: The generated scripts can perform file system reads and execute complex network workflows. 4. Sanitization: No sanitization of external response data is mentioned in the documentation.
Audit Metadata