cloud-api-integration
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL | Tags: PROMPT_INJECTION, DATA_EXFILTRATION, SAFE
Full Analysis
- Prompt Injection (LOW): The skill provides a defensive 'SecurePromptHandler' class that identifies and blocks common prompt injection patterns like 'ignore previous instructions'. While these patterns are present in the text, they are used within a security blocklist to prevent attacks.
- Indirect Prompt Injection (LOW): (1) Ingestion points: The function 'fetch_document(url)' in 'references/security-examples.md' handles untrusted data. (2) Boundary markers: The code explicitly uses delimiters such as '---UNTRUSTED DOCUMENT START---' to isolate external content. (3) Capability inventory: The skill invokes LLM generation capabilities via 'claude.generate' and 'client.generate'. (4) Sanitization: The skill implements regex-based pattern matching and input length constraints to mitigate risks.
- Data Exposure & Exfiltration (SAFE): The skill demonstrates secure credential management using Pydantic 'SecretStr' and provides regex patterns to detect potential exfiltration attempts. Hardcoded keys in the text are non-functional placeholders used for educational purposes.
- Automated Alert Verification (SAFE): The 'logger.info' alert from the URLite scanner is a false positive. The pattern identifies standard Python logging calls (e.g., 'logger.info("cache.hit")') rather than a malicious URL.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata