request-body-validator

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE
Full Analysis
  • [Indirect Prompt Injection] (MEDIUM): The skill is designed to process untrusted external data (API request bodies) while possessing sensitive capabilities like file modification and network access. This creates an attack surface where instructions embedded in a request body could influence the agent to perform unauthorized actions.
      • Ingestion points: API request bodies (as defined in the purpose and triggers).
      • Boundary markers: Absent. There are no instructions defining how to distinguish between data and instructions.
      • Capability inventory: Bash(curl:*), Write, Edit, Read, Grep.
      • Sanitization: Absent. No filtering or escaping logic is provided.
  • [Command Execution] (LOW): The skill metadata requests access to Bash(curl:*). While no malicious commands are present in this version, this permission allows arbitrary network requests, which should be monitored if the skill is expanded.
  • [No Code] (INFO): The skill contains no executable logic, scripts, or complex instructions, consisting only of descriptive text and metadata.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 05:25 AM