Skills
skills/infisical/ai-skills/infisical-api/Gen Agent Trust Hub

infisical-api

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. \n
  • Ingestion points: Data is retrieved from external API endpoints, specifically the secret retrieval endpoint GET /api/v4/secrets mentioned in SKILL.md and references/secrets-endpoints.md. \n
  • Boundary markers: There are no instructions defining delimiters or warning the agent to ignore instructions embedded within the retrieved secret values. \n
  • Capability inventory: The skill utilizes curl for network operations to interact with the Infisical API, which could be misused if instructions are injected into secret names or values. \n
  • Sanitization: The skill does not describe or implement any sanitization or validation of the content retrieved from the secrets manager before it enters the agent's context.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 21, 2026, 04:08 AM