Skills
skills/michailbul/laniameda-skills/supadata/Gen Agent Trust Hub

supadata

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes data from untrusted external sources, such as YouTube transcripts and scraped web pages.
  • Ingestion points: Data enters the agent context through the /transcript, /extract, and /web/scrape endpoints (documented in SKILL.md).
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the provided prompt templates.
  • Capability inventory: The skill performs network operations via the supadata SDK and curl to interact with the vendor API.
  • Sanitization: There is no evidence of sanitization or filtering of the fetched content before it is presented to the agent.
  • [EXTERNAL_DOWNLOADS]: The skill documentation recommends installing the supadata Python package from PyPI and utilizes the api.supadata.ai service.
  • [DATA_EXFILTRATION]: The skill transmits user-provided URLs and metadata to the Supadata API. While this is the intended purpose of the tool, it involves sending data to a non-whitelisted third-party domain.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 3, 2026, 02:53 PM