Skills
skills/martinacostadev/skill-api-regimen-transparencia-bcra/bcra-transparencia/Gen Agent Trust Hub

bcra-transparencia

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill facilitates data retrieval from the official Banco Central de la República Argentina API (api.bcra.gob.ar), which is a legitimate and well-known government service. All network activity is restricted to this domain.\n- [COMMAND_EXECUTION]: The script scripts/bcra_query.mjs handles command-line arguments by validating the requested endpoint against a predefined whitelist. This prevents path traversal or the construction of unauthorized API requests.\n- [DATA_EXFILTRATION]: No sensitive data access was detected. The skill does not interact with local credentials, SSH keys, or environment variables.\n- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection via data returned from the BCRA API.\n
  • Ingestion points: Data is fetched from api.bcra.gob.ar via a fetch request in scripts/bcra_query.mjs.\n
  • Boundary markers: None; the script returns raw JSON to the agent without specific delimiters or instructions to ignore embedded content.\n
  • Capability inventory: The skill has network access for information retrieval but lacks dangerous capabilities such as file system write access or subprocess execution.\n
  • Sanitization: No text filtering or sanitization is performed on the API response. However, the risk is negligible as the data source is a verified government institution.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 12:51 AM