api-response-cacher

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill is designed to handle and cache external API responses, which are attacker-controlled data sources. Without explicit instructions to ignore embedded commands or use delimiters, an agent could follow malicious instructions contained within an API payload.
      • Ingestion points: External API responses mentioned in the 'When to Use' and 'Capabilities' sections.
      • Boundary markers: Absent. The skill provides no delimiters or instructions to isolate external data.
      • Capability inventory: The skill allows 'Bash', 'Write', 'Edit', 'Read', and 'Grep', which are highly exploitable if the agent is manipulated by input data.
      • Sanitization: Absent. No validation or filtering logic is specified for the data being cached.
  • [Command Execution] (MEDIUM): The skill requests permission for the 'Bash' tool to perform API caching tasks. This violates the principle of least privilege, as these operations can typically be performed using safer, more restricted tools. Shell access increases the potential impact of an injection attack.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 10:57 AM