brewpage-publish
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The skill is designed to transmit user-provided text or local files to the external domain
https://brewpage.app. This creates a surface for data exposure if the agent is instructed to upload sensitive information. - [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute several commands including
curlfor API interactions,jqfor JSON processing, andfilefor identifying MIME types. These commands are used to process and transmit the data. - [EXTERNAL_DOWNLOADS]: The skill interacts with the external service
brewpage.app, which is managed by the skill author. This involves sending data to an external API endpoint. - [PROMPT_INJECTION]: The skill processes untrusted data (file contents or user arguments) and incorporates them into shell commands. While it uses
jqfor safe encoding, the ingestion of arbitrary data presents a standard indirect prompt injection surface. - Ingestion points: The
$ARGUMENTSvariable and local file contents read via theBashtool inSKILL.md. - Boundary markers: No specific boundary markers or instructions are provided to the model to ignore potential injection patterns within the content being uploaded.
- Capability inventory: The skill possesses network transmission capabilities (
curl) and local file read access (test -f,cat,file) via theBashtool. - Sanitization: The skill employs
jqto safely encode content into JSON payloads, reducing the risk of command injection during the API call construction.
Audit Metadata