api-tester
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to indirect prompt injection because its primary function is to ingest and process data from untrusted external API endpoints.
- Ingestion points: External content enters the agent's context through API responses fetched via
curl,hurl,node, orpython(SKILL.md). - Boundary markers: There are no defined delimiters or instructions to treat API responses as untrusted data, increasing the likelihood the agent will follow commands embedded in JSON/HTML responses.
- Capability inventory: The skill allows the use of
nodeandpython(arbitrary code execution) alongsidecurl(outbound network access), allowing an injection to escalate into full system compromise or data exfiltration. - Sanitization: No sanitization, schema validation, or escaping of external content is mentioned or required.
- [COMMAND_EXECUTION] (MEDIUM): The explicit inclusion of
node,python, andcurlin theallowed-toolsmetadata provides a broad attack surface. While legitimate for API testing, these tools allow the agent to perform complex operations on the host system that could be abused if the agent is manipulated.
Recommendations
- AI detected serious security threats
Audit Metadata