xctf-data
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches athlete profiles, meet results, and team rosters from tfrrs.org and news content from thestridereport.com as part of its core functionality.
- [EXTERNAL_DOWNLOADS]: Downloads and installs the sports-skills Python package from the vendor's repository at github.com/machina-sports/sports-skills.git during the setup phase.
- [COMMAND_EXECUTION]: Executes the sports-skills CLI tool to perform data retrieval and search operations.
- [COMMAND_EXECUTION]: Includes a bash script scripts/validate_params.sh designed to ensure required arguments are provided to the sports data commands.
- [REMOTE_CODE_EXECUTION]: Instructs the agent to perform a pip install from a remote Git URL, which involves the execution of the package's installation scripts.
- [PROMPT_INJECTION]: Indirect prompt injection surface identified:
  - Ingestion points: External sports data and news summaries are ingested via the get_athlete_profile and get_news tools.
  - Boundary markers: No explicit markers or warnings are used to prevent the agent from interpreting instructions that might be embedded in the athlete names, meet descriptions, or news titles.
  - Capability inventory: The skill has the capability to execute arbitrary CLI commands provided by the sports-skills package.
  - Sanitization: No specific sanitization or validation of the retrieved external content is described in the provided files.
Audit Metadata