spark
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- DATA_EXFILTRATION (LOW): The skill facilitates the transmission of local project context and code snippets to a third-party domain (spark.memco.ai). While it includes warnings against sharing secrets, the primary workflow involves exporting potentially sensitive implementation details to an external service. Evidence: SKILL.md instructions to share solutions and detailed explanations in markdown to the external MCP server.
- PROMPT_INJECTION (LOW): The skill creates a surface for indirect prompt injection.
  1. Ingestion points: Data from the Spark knowledge base is ingested via the get_recommendation and get_insights tools defined in reference.md.
  2. Boundary markers: The skill includes a general warning but lacks strict delimiters to segregate untrusted insight content from agent instructions.
  3. Capability inventory: Coding agents typically have file-write and shell-execution capabilities which could be targeted.
  4. Sanitization: No evidence of automated sanitization for the markdown content retrieved from the external API.
Audit Metadata