epa-ghg
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Retrieves facility emissions data from the well-known and official EPA Envirofacts API (data.epa.gov). No credentials are required as the data is public.\n- [COMMAND_EXECUTION]: Uses curl and jq via the bash tool to fetch and process JSON data from the EPA API as part of the data analysis workflow.\n- [PROMPT_INJECTION]: The skill processes data from the EPA API, which represents an indirect prompt injection surface.\n
- Ingestion points: API responses from data.epa.gov referenced in SKILL.md and references/python_example.py.\n
- Boundary markers: Data is structured into markdown tables and narrative summaries in the final output to separate it from instructions.\n
- Capability inventory: Uses curl, jq, and Python's urllib for network operations and data transformation.\n
- Sanitization: Employs structured JSON parsing (jq and json.loads) to handle incoming data safely.
Audit Metadata