liatrio-brand
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill contains scripts (
scripts/download-brand-assets.shandscripts/fetch-brand-data.sh) that fetch JSON data and image assets fromhttps://www.liatrio.com. These downloads are limited to non-executable media and brand definitions. - COMMAND_EXECUTION (LOW): Provides shell scripts using
curlandjqto fetch and parse external brand data. The commands are transparent and aligned with the skill's primary purpose of maintaining up-to-date brand guidelines. - DATA_EXFILTRATION (SAFE): Network activity is restricted to the official domain associated with the skill. There is no evidence of scripts accessing sensitive local files (like SSH keys or environment variables) or sending data to untrusted third parties.
- PROMPT_INJECTION (SAFE): No instructions designed to bypass safety filters, extract system prompts, or override agent behavior were identified in the markdown or metadata.
- INDIRECT PROMPT INJECTION (LOW): The skill ingests untrusted data from an external API (
liatrio.com/brand-data.json). While this creates a surface for potential injection if the source were compromised, the data is used for visual styling and does not grant the skill high-privilege capabilities.
Audit Metadata