volcengine-api
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches API service lists, versions, and Swagger specifications from official Volcengine endpoints (
api.volcengine.com). These are vendor-owned resources used for the skill's primary purpose of providing API information. - [DATA_EXFILTRATION]: No sensitive local data or user credentials are transmitted. Network operations are limited to GET requests for public API documentation.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests data from external API explorer endpoints. While this represents a data ingestion surface, the risk is minimal as the content originates from official vendor sources and the skill lacks dangerous capabilities such as file-system modification or command execution.
- Ingestion points: API response data from
api.volcengine.com(SKILL.md). - Boundary markers: Not explicitly defined in instructions to the agent.
- Capability inventory: No subprocess calls, code execution (eval/exec), file-write, or non-vendor network operations detected.
- Sanitization: Standard summaries and tree structures are used to present data to the user.
Audit Metadata