epa-enviro
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes environmental facility data from external EPA APIs (Ingestion: data.epa.gov, echodata.epa.gov) without explicit boundary markers or sanitization, creating a surface for indirect prompt injection where malicious instructions embedded in source data could influence agent behavior. \n
- Ingestion points: API responses from Envirofacts and ECHO services described in SKILL.md and implemented in references/python_example.py.\n
- Boundary markers: Absent. No specific delimiters or safety instructions are provided to isolate external data from the agent's logic.\n
- Capability inventory: Uses curl and jq for data retrieval and parsing; includes a Python client using urllib.\n
- Sanitization: Absent. Data is processed and presented to the user without filtering or escaping.\n- [CREDENTIALS_UNSAFE]: The skill defines a protocol for reading API keys from the local file path ~/.config/epa/credentials and the EPA_API_KEY environment variable. While specific to the application's intended purpose, accessing local files containing credentials is a security-sensitive operation.\n- [COMMAND_EXECUTION]: Instructions in SKILL.md recommend using bash shell commands with curl and jq to interact with EPA web services.\n- [EXTERNAL_DOWNLOADS]: The skill performs network operations to fetch datasets from official government domains, including data.epa.gov and echodata.epa.gov.
Audit Metadata