chat-list
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADS
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill provides a
curlcommand to fetch data fromhttps://fullstackrecipes.com/api/recipes/chat-list. This domain is not part of the trusted external sources list. Fetching content directly from an unverified third-party API to 'build' components introduces a supply-chain risk. - INDIRECT_PROMPT_INJECTION (LOW): The skill processes external data to perform its task. There is a risk that the API response could contain instructions designed to manipulate the agent's behavior during the code generation process.
- Ingestion points: The agent is instructed to fetch content via
curlfrom a remote URL. - Boundary markers: No delimiters or safety instructions are provided to the agent regarding the external content.
- Capability inventory: The skill's purpose is to 'build' a page, implying the agent will generate and potentially write code to the local filesystem.
- Sanitization: No sanitization or validation of the remote content is specified.
Audit Metadata