skillsmp-search
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests data from the SkillsMP API which is then presented to the agent. This represents an indirect prompt injection surface.
- Ingestion points: scripts/skillsmp_api.py via requests.get().json().
- Boundary markers: Not present.
- Capability inventory: No dangerous local capabilities (e.g., file writes, arbitrary command execution) were detected in any scripts.
- Sanitization: The API response content is not sanitized before being returned to the agent.
- [Data Exposure & Exfiltration] (SAFE): The skill performs network requests to skillsmp.com for its primary purpose. No sensitive local file access or hardcoded credentials were detected.
Audit Metadata