cotizaciones-pix-comparapix
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill initiates connections to 'api.comparapix.ar'. This domain is not listed among the trusted external sources, though it is the primary data source for the skill's features.
- [COMMAND_EXECUTION] (SAFE): The skill utilizes 'curl' and 'jq' to fetch and structure JSON data. These operations are limited to data parsing and do not involve execution of remote scripts or arbitrary system commands.
- [PROMPT_INJECTION] (LOW): The skill exhibits a surface for indirect prompt injection by processing external API data without sanitization or boundary markers. 1. Ingestion points: api.comparapix.ar/quotes. 2. Boundary markers: Absent. 3. Capability inventory: Subprocess calls via curl and jq. 4. Sanitization: None. This vulnerability is rated LOW as the skill lacks critical capabilities that could be exploited by malicious data content.
Audit Metadata