openproject
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses a local `.env` file to retrieve OpenProject API credentials and stores a metadata cache in `.openproject-config.yml`. This is standard configuration and performance optimization behavior for this type of tool.
- [EXTERNAL_DOWNLOADS]: The skill allows downloading file attachments from the user-configured OpenProject instance. The download locations are provided by the authenticated OpenProject API responses.
- [SAFE]: The skill uses `yaml.safe_load()` for configuration parsing, preventing unsafe deserialization risks. Data presented to the agent is sanitized through field extraction in the `op.py` CLI tool.
- [SAFE]: Indirect Prompt Injection surface analysis:
  - Ingestion points: Data from OpenProject API (e.g., Work Package subjects/descriptions) processed in `op.py` and sub-packages.
  - Boundary markers: Not present in the JSON output.
  - Capability inventory: File writing (`download_attachment`), network requests (`httpx`), and API-based data modification.
  - Sanitization: The skill extracts and structures specific fields before outputting JSON, which reduces the risk of the agent misinterpreting embedded instructions.
Audit Metadata