ip-lookup
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to multiple external IP geolocation and reputation providers including ipinfo.io, ip-api.com, geolocation-db.com, and api.db-ip.com to retrieve metadata for IP addresses.\n- [PROMPT_INJECTION]: The agent prompt section contains an auxiliary instruction: "When creating a new skill, follow SKILL_TEMPLATE.md format and include Node.js and Bash examples." This is a form of instruction leakage that could divert the agent from its primary task of IP lookup to broader skill development tasks.\n- [DATA_EXFILTRATION]: The skill transmits user-provided IP addresses to various third-party geolocation services. While these are well-known services, the use of unencrypted HTTP for the ip-api.com endpoint exposes the transmitted IP and returned data to potential interception.\n- [PROMPT_INJECTION]: Indirect Prompt Injection Surface Detection:\n
- Ingestion points: Data enters the agent context from four external API responses (ipinfo.io, ip-api.com, geolocation-db.com, api.db-ip.com) via curl or fetch calls.\n
- Boundary markers: Absent; the agent is instructed to aggregate the raw data into a JSON summary without delimiters or safety instructions regarding the content of the external data.\n
- Capability inventory: The skill uses subprocess calls (curl) and network fetch operations to retrieve data from external endpoints.\n
- Sanitization: Absent; the example scripts directly parse and aggregate JSON fields (e.g., city, org) from external sources without escaping or validating the content, which could lead to secondary injection if a provider returns malicious strings.
Audit Metadata