yqcloud-function-calling
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill defines network requests to the YQCloud service base URL to fetch service item catalogs and JSON schemas for ticket creation. These operations are essential for the skill's purpose and use variable placeholders for tenant identifiers and access tokens.
- [COMMAND_EXECUTION]: The skill description includes
requestParserandresponseParserfields containing JavaScript code strings. These snippets are used for mapping data between the agent and the ITSM API, which is a structural feature of the function-calling format described. - [PROMPT_INJECTION]: The skill was evaluated for indirect prompt injection as it processes external service descriptions from API responses. Ingestion points: API responses containing service item names and descriptions are incorporated into the agent's context. Boundary markers: The skill relies on the function-calling schema boundaries to separate data from instructions. Capability inventory: Restricted to HTTP GET/POST requests for ticket management. Sanitization: Data is processed via standard JSON parsing and lodash-based transformations.
Audit Metadata