pd-shared
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill interacts with the Pipedream API (api.pipedream.com), an established integration service, to handle authentication and proxying for external API calls.
- [COMMAND_EXECUTION]: The skill documentation describes running local CLI tools using 'npx tsx' and utilizing Python for local JSON data processing.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because it is designed to ingest and process data from over 2,000 different external applications.
- Ingestion points: The agent retrieves data from external apps like Slack, GitHub, or Notion via the generic Pipedream proxy (SKILL.md).
- Boundary markers: No delimiters or ignore-instructions warnings are defined for the content retrieved from these external services.
- Capability inventory: The skill allows for various HTTP operations (GET, POST, etc.) across many platforms, including the ability to write or delete data (SKILL.md).
- Sanitization: There is no mention of sanitizing or validating the external data before it enters the agent's context.
Audit Metadata