box-connector
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [Data Exposure & Exfiltration] (LOW): The skill is configured to access a local JWT configuration file at 'knowledge/personal/box_config.json'. Although necessary for the intended Box authentication, accessing files containing credentials represents a data exposure surface.
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from an external cloud service. 1. Ingestion points: Files downloaded from Box and Box search results are brought into the agent context. 2. Boundary markers: The documentation does not specify the use of delimiters or 'ignore' instructions for external content. 3. Capability inventory: The skill has the capability to write to the local file system and perform API search operations. 4. Sanitization: No sanitization or validation of the downloaded content is mentioned before it is processed by the agent.
Audit Metadata