fracfocus
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes bash_tool with curl and jq for querying the FracFocus API and parsing disclosure records.
- [EXTERNAL_DOWNLOADS]: Includes instructions and code to download large public datasets (approx. 430 MB) from the FracFocus data portal for offline analysis.
- [SAFE]: Disabling SSL certificate verification (-k in curl and ssl.CERT_NONE in Python) is documented as a compatibility requirement for the registry's server configuration and does not indicate malicious intent.
- [PROMPT_INJECTION]: The skill ingests third-party data from the FracFocus API, which creates a surface for indirect prompt injection.
  - Ingestion points: Disclosure records and ingredient lists retrieved from fracfocus.org endpoints.
  - Boundary markers: No explicit instructions are provided to the agent to delimit or ignore instructions within the retrieved data.
  - Capability inventory: Network access for data retrieval and file system access for bulk downloads.
  - Sanitization: No validation or sanitization of external data is performed before it is presented to the agent.
Audit Metadata