slack_report
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external markdown content, which creates a surface for indirect prompt injection.
- Ingestion points: The
scripts/send_agent_cli_report.pyscript reads markdown from files or standard input. - Boundary markers: No delimiters are used to isolate the markdown content from instructions.
- Capability inventory: The script performs network requests to the
api.fastfold.aiendpoint and reads local files. - Sanitization: No content validation or sanitization is performed on the markdown input.
- [DATA_EXFILTRATION]: The skill accesses the user's Fastfold CLI configuration file at
~/.fastfold-cli/config.jsonto retrieve authentication keys. This is a neutral finding as it involves the vendor's own configuration for its API.
Audit Metadata