my-skill
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes responses from external APIs.\n
- Ingestion points: API responses from Grok, OpenAI, VEO, and KLing via the proxy.fluxapay.xyz domain.\n
- Boundary markers: No specific boundary markers or instructions to ignore embedded commands were found in the skill file.\n
- Capability inventory: The agent uses curl to interact with the network and is instructed to handle payment flows for access.\n
- Sanitization: No sanitization or validation of the API response content is defined in the skill instructions.\n- [EXTERNAL_DOWNLOADS]: The skill performs discovery of API endpoints by making network requests to proxy.fluxapay.xyz, which is a vendor-managed resource associated with the author.\n- [COMMAND_EXECUTION]: The skill provides curl command templates for the agent to interact with the proxy service for discovery and task execution.
Audit Metadata