agent-api-layer

Fail

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: HIGH
Findings: DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill's file upload handling pattern in references/conventions.md explicitly allows the server to read files from absolute paths on the local disk. If the API key is compromised, this provides an attacker with arbitrary file read access on the host system.
  • Evidence: Support for { "type": "path", "value": "/absolute/path/to/file.jpg" } in the upload handling convention.
  • [EXTERNAL_DOWNLOADS]: The recommended implementation for file uploads includes a feature to download content from arbitrary URLs, which creates a vulnerability for Server-Side Request Forgery (SSRF).
  • Evidence: Support for { "type": "url", "value": "https://..." } in references/conventions.md allows the server to initiate outbound network requests to untrusted targets.
  • [COMMAND_EXECUTION]: The skill requires the agent to execute system commands for project verification and testing, which can be exploited if the agent is manipulated into running malicious payloads.
  • Evidence: Phase 3, Step 6 instructs the agent to run lint, typecheck, and test commands, as well as manual curl verification.
  • [PROMPT_INJECTION]: The skill facilitates the creation of an unrestricted control plane for the application, which increases the surface area for indirect prompt injection attacks.
  • Evidence: The skill processes untrusted data from an external agent via generated endpoints under /api/agent/ and provides broad capabilities, including the ability to "do everything a user or admin can do."
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 8, 2026, 02:39 PM