wow-api-index
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to fetch documentation from an external, community-editable wiki (warcraft.wiki.gg) when specific information is missing from the local skill set. This creates a surface for indirect prompt injection as external wiki content can be modified by third parties.
- Ingestion points: SKILL.md instructions to fetch from https://warcraft.wiki.gg/wiki/API_.
- Boundary markers: None present; there are no specific instructions or delimiters provided to the agent to ensure fetched content is not treated as authoritative commands.
- Capability inventory: The agent has the capability to browse and ingest web content into its context.
- Sanitization: No sanitization, filtering, or validation of the external content is specified before the agent processes the data.
- [NO_CODE]: The skill consists entirely of Markdown-based lookup tables and documentation reference files. No functional scripts, binaries, or automated command execution logic are included in the skill package.
Audit Metadata