https-outcalls

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS | DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill enables canisters to fetch data from the internet, which introduces a surface for indirect prompt injection. If an agent processes the returned data without sanitization, it could be influenced by malicious instructions embedded in the API responses.
      * Ingestion points: The fetch_price and post_data functions in SKILL.md retrieve data from external web services.
      * Boundary markers: None are present in the code templates to delimit untrusted data.
      * Capability inventory: The skill uses the management canister (aaaaa-aa) to perform network operations.
      * Sanitization: Transform functions are present but focus on technical consensus rather than security filtering.
  • [EXTERNAL_DOWNLOADS]: The skill references the installation of the icp-cli tool via the dfinity Homebrew tap. This is an expected installation step for tools from the authoring organization.
  • [DATA_EXFILTRATION]: The skill demonstrates network requests to well-known external services such as api.coingecko.com and httpbin.org. No sensitive data access or unauthorized exfiltration patterns were observed.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 11, 2026, 04:23 AM