external-provider
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
Bashtool to execute a custom CLI utility namedtelclaude. This utility is the primary interface for querying external providers and managing file attachments. - [DATA_EXFILTRATION]: The skill is designed to retrieve sensitive information (health, banking, government data) from external providers. The data is processed through a relay proxy and delivered to the user via a specific outbox directory (
/media/outbox/). This behavior is the intended primary purpose of the skill and includes instructions to avoid direct HTTP calls in favor of the authenticated CLI. - [INDIRECT_PROMPT_INJECTION]: The skill processes data from external providers which represents an injection surface.
- Ingestion points: Data enters the agent context via the JSON output of
telclaude provider-query(SKILL.md). - Boundary markers: None identified; instructions do not explicitly tell the agent to ignore instructions embedded in the provider's JSON response.
- Capability inventory: The agent has access to
Bash(command execution) andRead(file access). - Sanitization: The skill documentation states that a relay proxy intercepts responses to strip inline base64 content and sanitize data before it reaches the agent.
Audit Metadata