resilience-core
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Data Exposure & Exfiltration] (MEDIUM): The skill mandates routing traffic through third-party proxies (e.g.,
apn-latest.onrender.com,corsproxy.io,wsrv.nl) to bypass regional restrictions. This exposes request metadata and potentially sensitive query information to the operators of these non-whitelisted external services. - [Prompt Injection] (MEDIUM): The skill is designed to ingest and process data from external providers (TMDB, Kinopoisk) and multiple proxies, creating a surface for indirect prompt injection. 1. Ingestion points: Data retrieved from TMDB and Kinopoisk metadata fields. 2. Boundary markers: None described in the skill instructions to delimit untrusted content. 3. Capability inventory: Network communication to multiple external endpoints via
tmdbClient.js. 4. Sanitization: No logic is provided for sanitizing or validating external metadata before it is presented to the agent. - [External Downloads] (LOW): The skill references multiple external domains for data retrieval but does not show patterns of downloading and executing remote scripts or binaries.
Audit Metadata