tutorial
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill interacts with the official ExoPriors API at api.exopriors.com. These network operations are directed to a trusted vendor domain and are necessary for the tutorial's functionality.
- [CREDENTIALS_UNSAFE]: The skill manages the EXOPRIORS_API_KEY with explicit security instructions to prevent its exposure in shares or logs.
- [PROMPT_INJECTION]: The skill processes untrusted search results, creating an indirect prompt injection surface. This is mitigated by a mandatory guardrail instruction.
  1. Ingestion points: API search result payloads from entities and search functions.
  2. Boundary markers: Explicit instructions in the Guardrails section of SKILL.md.
  3. Capability inventory: Usage of curl for API communication and local file writes to /tmp/ for query management.
  4. Sanitization: Server-side sanitization of share artifacts is documented by the vendor.