Skills
skills/manykarim/robotframework-agentskills/robotframework-requests-skill/Gen Agent Trust Hub

robotframework-requests-skill

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [External Downloads] (LOW): The skill references the installation of the 'robotframework-requests' and 'certifi' packages via pip. These are legitimate dependencies but represent external code execution.
  • [Data Exposure & Exfiltration] (LOW): The skill enables network communication with arbitrary non-whitelisted domains (e.g., api.example.com). While necessary for its function as an API client, it establishes a surface for data exfiltration.
  • [Indirect Prompt Injection] (LOW): The skill facilitates the ingestion of data from external APIs via keywords like GET and POST and response properties like response.json(). This external data could contain malicious instructions.
  • Ingestion points: SKILL.md, references/response-validation.md (Keywords: GET, POST, response.json(), response.text).
  • Boundary markers: Not present in code examples.
  • Capability inventory: Network requests (RequestsLibrary), File writing (references/troubleshooting.md).
  • Sanitization: No sanitization logic is demonstrated in the provided examples.
  • [SSL/TLS Security] (LOW): The documentation warns that Create Session has verify=${False} by default and explains how to enable SSL verification. Disabling verification is a significant security risk often used in testing but dangerous in production.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:41 PM