netl-carbon-storage
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFECREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill provides bash and Go code snippets to retrieve an API key from a local configuration file at
~/.config/netl-edx/credentials. Accessing local credential files is a sensitive operation, although here it is targeted at the skill's specific configuration. - [EXTERNAL_DOWNLOADS]: The skill performs network requests to fetch data from trusted scientific and government domains, specifically
sciencebase.govandedx.netl.doe.gov, using tools likecurlandwget. - [COMMAND_EXECUTION]: The skill instructs the agent to execute system commands including
curl,grep,cut, andjqto manage credentials and process API responses. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it ingests and processes data from external APIs (ScienceBase and NETL EDX) without implementing explicit sanitization or instruction-isolation boundaries.
- Ingestion points: Data is retrieved from the ScienceBase Catalog API and the NETL EDX CKAN API as documented in
SKILL.mdandreferences/api_reference.md. - Boundary markers: No specific delimiters or "ignore instructions" warnings are used when processing the external data.
- Capability inventory: The skill uses shell commands to fetch and parse data, and provides Go examples for data retrieval. It formats the resulting data into markdown tables for the user.
- Sanitization: No explicit validation or escaping of the remote content is specified before the data is presented to the user.
Audit Metadata