api-testing-helper
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- Prompt Injection (HIGH): The skill is highly vulnerable to indirect prompt injection. It is designed to ingest and process data from external APIs (untrusted sources) but lacks any instructions for boundary markers, sanitization, or ignoring embedded instructions. An attacker-controlled API endpoint could return malicious instructions that the agent would then execute.
- Ingestion points: External API responses received via the
Bash(curl:*)tool. - Boundary markers: None specified in the instructions.
- Capability inventory:
Bash(curl:*),Write,Edit,Read,Grep. - Sanitization: No sanitization or validation logic is defined.
- Command Execution (HIGH): The skill explicitly permits
Bash(curl:*). While intended for testing APIs, this provides a direct mechanism for arbitrary network requests, data exfiltration, or downloading and executing scripts if the agent's reasoning is compromised via injection. - External Downloads (MEDIUM): The
Bash(curl:*)capability allows for the download of external content. Without strict URL whitelisting (beyond the wildcard*), this can be used to pull malicious payloads into the environment.
Recommendations
- AI detected serious security threats
Audit Metadata