using-xrpc-indexer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [Data Exposure & Exfiltration] (LOW): The skill communicates with central-production.up.railway.app. While necessary for its function, this is a non-whitelisted domain on a shared hosting provider, representing a baseline network risk.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted data from an external API, creating a surface for potential indirect prompt injection. Ingestion points: The 'results' returned by the search_cognition function in SKILL.md. Boundary markers: Absent; there are no instructions to the agent to treat this data as untrusted or to ignore embedded commands. Capability inventory: No dangerous capabilities (e.g., subprocess, eval, or file writing) were detected in the provided skill code. Sanitization: Absent; the data is returned directly to the agent in its raw form.
Audit Metadata