registry
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTIONNO_CODE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references remote endpoints for downloading service-specific agent bundles and documentation from the vendor's registry. These downloads are hosted on the author's own infrastructure and are standard for the platform's functionality.- [DATA_EXFILTRATION]: Interaction with the gateway involves the transmission of payment headers and signatures. While essential for the x402 protocol, this process entails sending transaction metadata to the vendor's servers.- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by retrieving content from untrusted third-party APIs such as Twitter and Exa.
- Ingestion points: Data from social media posts, web search results, and remote documentation files (skill.md) are loaded into the agent's context.
- Boundary markers: The documentation does not specify the use of clear delimiters or instructions for the agent to ignore potential commands embedded in the external data.
- Capability inventory: The skill facilitates extensive network access to various API endpoints across ten different services.
- Sanitization: There are no documented mechanisms for sanitizing or filtering the content retrieved from external service providers.- [NO_CODE]: The skill is composed entirely of markdown documentation and YAML metadata without any embedded scripts or local executable code.
Audit Metadata