omnibox-api
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill fetches content from external URLs and interacts with an external AI wizard. This introduces a surface for indirect prompt injection where malicious instructions embedded in web pages or AI responses could influence the agent's behavior.
  * Ingestion points: `url` parameter in collection endpoints and responses from the AI wizard.
  * Boundary markers: Absent.
  * Capability inventory: Command execution via curl, file system access for uploads, and resource management.
  * Sanitization: Not specified in the documentation.
- [Data Exposure & Exfiltration] (LOW): The skill performs network requests to `api.omnibox.pro`, which is not a pre-approved whitelisted domain, and supports uploading local files to this external service. While this is the intended purpose of the skill, it creates a vector for data exfiltration if the agent is manipulated into uploading sensitive files.
- [Command Execution] (SAFE): The skill uses `curl` to interact with the API. There is no evidence of arbitrary shell command injection or downloading and executing remote scripts via pipes.
Audit Metadata