service-qualification-check
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [Data Exposure & Exfiltration] (MEDIUM): The skill directs the agent to use an external MCP server at 'https://telepath.mcpgateway.online/mcp' as a reference endpoint. This domain is not on the trusted sources list. As the skill processes physical addresses provided by users, this information is transmitted to an unverified third party.
- [Indirect Prompt Injection] (MEDIUM): The skill is vulnerable to indirect prompt injection due to its ingestion of untrusted external content with external influence capabilities.
- Ingestion points: User-provided addresses and service types in the skill workflow.
- Boundary markers: None detected; user inputs are directly interpolated into tool calls.
- Capability inventory: Accesses external network resources via tool calls to 'telepath_service_qualification' and 'telepath_list_service_specifications'.
- Sanitization: No evidence of input validation or sanitization before passing data to the MCP tools.
Audit Metadata