Skills
skills/machina-sports/sports-skills/volleyball-data/Gen Agent Trust Hub

volleyball-data

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing the sports-skills package via PyPI or directly from the author's GitHub repository (github.com/machina-sports/sports-skills.git). These are vendor-owned resources used for the skill's primary functionality.
  • [COMMAND_EXECUTION]: The skill relies on the sports-skills CLI tool to perform data retrieval tasks, such as fetching standings and match results.
  • [PROMPT_INJECTION]: The skill is subject to an indirect prompt injection surface because it retrieves and processes unstructured text from the Nevobo API (e.g., federation news and tournament descriptions).
  • Ingestion points: External data enters the agent context via the get_news and get_tournaments commands from api.nevobo.nl.
  • Boundary markers: The instructions do not define clear boundaries or provide warnings to the agent to ignore instructions embedded within the API data.
  • Capability inventory: The skill has the capability to execute the sports-skills CLI tool and associated Python logic.
  • Sanitization: There is no documented sanitization or validation of the text retrieved from the external API feeds.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 15, 2026, 05:38 AM