felo-mindmap
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a bundled local Node.js script (
scripts/run_mindmap_task.mjs) to process mindmap generation requests. This is a standard and expected operation for the skill's functionality. - [EXTERNAL_DOWNLOADS]: The skill communicates with the vendor's official API endpoint (
https://openapi.felo.ai/v2/mindmap) to create mindmaps. These network operations are directed to the service provider's infrastructure and are used solely for the stated purpose of the skill. - [PROMPT_INJECTION]: The skill processes user-provided text through the
--queryparameter. This represents a surface for indirect prompt injection where instructions embedded in the user's prompt could theoretically influence the mindmap generation. However, the skill uses structured data transmission (JSON) and interacts with a specific vendor API, which limits the potential impact of such injections.
Audit Metadata