async-api-caller
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE] (SAFE): The skill consists solely of a markdown file providing metadata and descriptions. No Python scripts, JavaScript files, or shell commands are provided for execution.
- [Indirect Prompt Injection] (SAFE): The skill mentions handling 'webhooks' and 'third-party APIs', which represents a potential ingestion surface for untrusted data. However, as there is no implementation code provided, this is a theoretical surface rather than an active vulnerability.
- Ingestion points:
SKILL.md(documentation mentions webhooks and external APIs) - Boundary markers: Absent (no prompt templates defined)
- Capability inventory:
Bash,Write,Edit,Read,Greptools requested in YAML frontmatter - Sanitization: Not applicable as no code exists to perform data processing
Audit Metadata