labx-api
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE PROMPT_INJECTION DATA_EXFILTRATION
Full Analysis
- [DATA_EXFILTRATION]: The skill documents methods for retrieving API credentials from a local 1Password vault using shell commands. Specifically, it provides the command `op item get "LabX Seller API Token" --vault="Development" --fields credential` to extract the authentication token. This behavior identifies the location and retrieval process for sensitive organizational secrets.
- [PROMPT_INJECTION]: The skill is designed to ingest and process data from the LabX marketplace, including listing descriptions, customer inquiries, and order records, which contain content provided by external third parties. This creates an attack surface for indirect prompt injection.
  - Ingestion points: The documentation specifies fetching data from endpoints such as `/api/v1/listings`, `/api/v1/inquiries`, and `/api/v1/orders/sales` (documented in `SKILL.md`).
  - Boundary markers: There are no documented delimiters or instructions for the agent to treat data retrieved from the LabX API as untrusted or to ignore embedded instructions within text fields like `description` or `message`.
  - Capability inventory: The integration documentation includes capabilities to write data back to the marketplace via `POST /api/v1/listings/upload` and to trigger background synchronization jobs through internal API controllers (such as `app/controllers/api/labx_sync_controller.rb`).
  - Sanitization: The skill reference does not provide evidence of validation, escaping, or filtering of the external content before it is processed or stored.
Audit Metadata