pubfi-dsl-client

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
  • DATA_EXFILTRATION (LOW): The skill initiates network requests using curl to api-stg.pubfi.ai. As this domain is not on the trusted whitelist, it is flagged as a potential data exposure risk.
  • PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection (Category 8) when converting user intent into DSL requests. Evidence Chain:
      1. Ingestion points: User intent entering the agent context during the DSL conversion workflow in SKILL.md.
      2. Boundary markers: No explicit delimiters or warnings to ignore embedded instructions are provided for the user intent processing.
      3. Capability inventory: Subprocess calls to curl for external network operations.
      4. Sanitization: Guidance to 'validate the JSON shape' is included in the workflow, but no specific sanitization for text fields is defined.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:48 PM