api-research

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the curl utility to fetch the first 500 bytes of data from discovered API endpoints for structural validation.
  • [EXTERNAL_DOWNLOADS]: The skill references and fetches sample data from numerous well-known public API providers such as NASA, GitHub, and Wikipedia. These are identified as safe and established services.
  • [PROMPT_INJECTION]: There is an indirect prompt injection surface as the agent processes untrusted data from web search results and API responses.
      • Ingestion points: Output from web_search and curl.
      • Boundary markers: None.
      • Capability inventory: web_search and curl.
      • Sanitization: The instructions include validation logic requiring the response to be in JSON format, which provides basic structural verification.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 4, 2026, 02:15 PM