lando
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill fetches data from
https://lando.services.mozilla.com. As Mozilla is a trusted organization, this network activity is considered safe for its intended purpose. - [COMMAND_EXECUTION] (SAFE): Uses standard tools like
curlandjqto interact with the API. No dangerous command patterns or privilege escalations were detected. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it ingests data from an external source. Ingestion points: API response from Lando. Boundary markers: None. Capability inventory: curl/shell execution. Sanitization: None. While theoretical, an attacker controlling job metadata could attempt to influence the agent.
Audit Metadata