extruct-api
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script (
scripts/extruct-api) to perform API operations. This script is implemented using standard Python libraries and follows secure practices. - [EXTERNAL_DOWNLOADS]: The skill makes network requests to the official vendor domain (
api.extruct.ai) for searching and retrieving company data as intended by its design. - [CREDENTIALS_UNSAFE]: The skill handles authentication correctly by using an environment variable (
EXTRUCT_API_TOKEN) rather than hardcoding sensitive credentials. - [SAFE]: The instructions and playbooks (e.g.,
references/finding-companies.md) are focused on legitimate research workflows and do not contain any prompt injection or security bypass attempts. - [PROMPT_INJECTION]: The skill processes data from the Extruct API which may include content sourced from the web.
- Ingestion points: Data is retrieved via
tables dataanddeep-search resultscommands (seeSKILL.md). - Boundary markers: Prompt templates in
references/column-guide.mduse specific structures to contextualize data variables. - Capability inventory: The agent can execute the bundled CLI to perform network operations and update table data within the Extruct platform.
- Sanitization: External content is processed through the Extruct API's structured data environment before being presented to the agent.
Audit Metadata