aiconfig-update
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- DATA_EXFILTRATION (LOW): The skill makes network requests to app.launchdarkly.com using curl. While this domain is not on the predefined whitelist, it is the appropriate API endpoint for the LaunchDarkly service. No access to sensitive local files was detected.
- COMMAND_EXECUTION (LOW): The skill instructions and documentation include curl commands for interacting with the LaunchDarkly API, which is the primary mechanism for the skill's functionality.
- PROMPT_INJECTION (LOW): The skill allows for updating AI instructions and messages, which constitutes an indirect prompt injection surface. (1) Ingestion points: The instructions and messages fields in the PATCH request examples. (2) Boundary markers: Absent; no delimiting or instruction-ignoring patterns are suggested. (3) Capability inventory: curl-based API modification capabilities. (4) Sanitization: Absent; there is no mention of validating or escaping user-provided instruction content.
Audit Metadata