api-http-test
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
CREDENTIALS_UNSAFE, DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill collects and stores sensitive authentication data, including passwords, API keys, and bearer tokens, in the `.skills/api-http-test/http.toml` file. Although the skill attempts to verify that this file is gitignored, the presence of plain-text credentials on the local filesystem represents a security risk.
- [DATA_EXFILTRATION]: The `run_http.sh` script implements functionality to read the content of local files using the `--body-file` parameter and transmit the data to external URLs via HTTP requests. This capability can be leveraged to exfiltrate sensitive files if the agent is manipulated.
- [COMMAND_EXECUTION]: The skill relies on several shell scripts (`api_http_test.sh`, `bootstrap_profile.sh`, `infer_auth_mode.sh`) and embedded Python scripts to perform its operations, including environment setup and request execution.
- [EXTERNAL_DOWNLOADS]: The skill makes outbound network connections to user-defined endpoints and authentication servers. This is core functionality but involves interaction with external, potentially untrusted sources.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from external sources.
  - Ingestion points: API response bodies and OpenAPI documentation files (`docs/*.yaml`).
  - Boundary markers: Not utilized in the processing of external data.
  - Capability inventory: The agent has the ability to execute shell commands, perform network requests, and read local files.
  - Sanitization: No sanitization or validation of the content received from API endpoints or documentation is performed before it is presented to the agent's context.
Audit Metadata