tooluniverse-custom-tool
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides comprehensive documentation and code templates for extending ToolUniverse with custom REST and Python-based tools. It correctly handles security concerns by recommending environment variables (".tooluniverse/.env") for sensitive credentials rather than hardcoding them in tool configuration files.
- [PROMPT_INJECTION]: The skill defines a framework for ingesting data from external APIs, which naturally presents an indirect prompt injection surface. It provides built-in mitigation strategies by teaching users how to use "return_schema" validation to verify the integrity and structure of ingested data.
  - Ingestion points: External REST API responses processed via "requests.get" or "urllib.request.urlopen", as described in SKILL.md and references/python-tool.md.
  - Boundary markers: While not explicitly requiring prompt delimiters, the skill encourages specific tool descriptions and schema validation to constrain the model's interpretation of tool outputs.
  - Capability inventory: Tools built using this guide have network access via Python libraries and filesystem access within the .tooluniverse workspace.
  - Sanitization: The documentation explicitly details the implementation of JSON Schema via "return_schema" to validate and sanitize all data returned to the agent context.