extruct-api
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on a bundled CLI tool (
extruct-api) to perform all API operations. This tool is resolved using absolute paths to ensure reliability and security within the execution environment. - [SAFE]: No malicious patterns, hardcoded credentials, or unauthorized data exfiltration techniques were detected. Network communication is limited to the official vendor domains (
extruct.ai). - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by processing external data (e.g., company news and profiles) retrieved from the Extruct API. 1. Ingestion points: Data from
companies search,deep-search results, andtables data. 2. Boundary markers: No explicit delimiters or instructions to ignore embedded instructions are implemented. 3. Capability inventory: Command execution via the bundled CLI. 4. Sanitization: No content sanitization or validation of the retrieved API data is specified.
Audit Metadata