epa-ghgrp-subpartw
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: The skill is designed to fetch public regulatory data from the US Environmental Protection Agency (EPA).
- Network operations: The skill uses curl to retrieve JSON data from the enviro.epa.gov domain, which is a well-known government service. These operations are limited to data retrieval (GET requests).
- Data processing: The skill utilizes jq for parsing and aggregating structured data. No dynamic code execution or unsafe script generation patterns were identified.
- Credentials: No API keys, tokens, or other sensitive credentials are required or used.
- [NO_CODE]: The skill consists solely of markdown instructions and documentation, without any included scripts, executables, or binary files.
- [PROMPT_INJECTION]: The skill processes data from an external source (EPA API), representing a surface for indirect prompt injection. Ingestion points: Data is retrieved from the enviro.epa.gov API endpoint. Boundary markers: The skill does not define specific delimiters for external content in its output format. Capability inventory: Capabilities are restricted to read-only network access via curl and data manipulation via jq. Sanitization: While no explicit text sanitization is performed on API fields like facility names, the trusted nature of the government source and the limited capability set mitigate this risk.
Audit Metadata