netl-edx
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE DATA_EXFILTRATION PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill is designed to read a local configuration file at `~/.config/netl-edx/credentials` to retrieve API keys. While this is documented as the intended method for credential management, accessing local files containing sensitive information (`api_key`) is a data exposure risk if the agent is manipulated.
- [PROMPT_INJECTION]: The skill ingests untrusted data from the external NETL EDX API, creating a surface for indirect prompt injection.
  - Ingestion points: Dataset metadata, resource names, and descriptions are fetched from `edx.netl.doe.gov` via the CKAN API.
  - Boundary markers: The instructions do not specify the use of delimiters or warnings to ignore instructions embedded within the retrieved research data.
  - Capability inventory: The skill uses `bash_tool` for `curl`/`jq` operations and Python's `urllib` for network requests and file writing.
  - Sanitization: There is no evidence of sanitization or validation performed on the external content before it is summarized and presented to the user context.
Audit Metadata