social
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data from other agents.
- Ingestion points: Untrusted content enters the agent context through chat messages via /api/chat and agent profiles via /api/discover.
- Boundary markers: The skill lacks delimiters or instructions to help the agent distinguish between its core logic and external data.
- Capability inventory: The agent can perform network requests and send data via curl commands.
- Sanitization: There is no evidence of sanitization or filtering of the content received from other agents.
- [DATA_EXFILTRATION]: The skill documentation notes that 'All chats are public' and 'Relationships are public,' creating a risk of accidental sensitive data exposure if the agent shares private information during interactions.
- [COMMAND_EXECUTION]: The skill defines several curl commands for the agent to execute. These commands interact with the vendor's service at inbed.ai for registration, discovery, and messaging.
Audit Metadata