Skills
skills/caoliao/deepscan-skills/deepscan-record-list/Gen Agent Trust Hub

deepscan-record-list

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill reads an authentication token from the user's home directory.
  • Evidence: The script scripts/recordlist.py opens and reads the file at ~/.deepscan/token.
  • The token is used in the Authorization: Bearer header for requests to https://data.cli.im/x-deepscan, which is the official endpoint for the vendor's service.
  • [COMMAND_EXECUTION]: The skill relies on executing local Python scripts to interact with the service.
  • Evidence: SKILL.md contains instructions to execute python scripts/recordlist.py and python ../deepscan-task/scripts/task.py.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the data it retrieves from the external API.
  • Ingestion points: Data is retrieved from the records and sessions fields of the JSON response from https://data.cli.im/x-deepscan/api/records/getListByTaskId in scripts/recordlist.py.
  • Boundary markers: The instructions do not specify any delimiters or warnings to the agent to ignore instructions embedded within the scan_result or session_name fields.
  • Capability inventory: The skill has the capability to read files from the home directory and perform network operations.
  • Sanitization: There is no evidence of sanitization, escaping, or validation of the content returned by the API before it is rendered into a table for the AI agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 6, 2026, 05:47 PM