Skills
skills/besoeasy/open-skills/user-ask-for-report/Gen Agent Trust Hub

user-ask-for-report

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses curl with the -F flag to perform multipart/form-data uploads of local files and generated reports to remote endpoints.
  • [EXTERNAL_DOWNLOADS]: It interacts with external hosting endpoints https://filedrop.besoeasy.com/upload and http://localhost:3232/upload to store and host user-generated content.
  • [DATA_EXFILTRATION]: User-provided content, which the skill notes may include sensitive information like PII or credentials, is transmitted to a public IPFS-based hosting platform (Originless).
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted user content and interpolating it directly into the index.html template. Analysis of SKILL.md shows no specified boundary markers or sanitization requirements to prevent malicious scripts from being embedded in the hosted output.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 04:36 AM