public-data
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE [PROMPT_INJECTION] [DATA_EXFILTRATION]
Full Analysis
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface as it processes data from external APIs that could be manipulated by an attacker.
  - Ingestion points: Fetches JSON/XML data from apis.data.go.kr and kosis.kr.
  - Boundary markers: No delimiters are used to wrap the untrusted API data.
  - Capability inventory: The skill can perform network operations and pass data to visualization tools.
  - Sanitization: There is no mention of content filtering or validation for the incoming data.
- [DATA_EXFILTRATION]: The skill performs legitimate network operations to official data providers.
  - The skill communicates with official South Korean government domains (apis.data.go.kr) and the national statistical service (kosis.kr).
  - It securely manages user-provided API keys by storing them in a local environment file (moai-credentials.env) rather than hardcoding them.
Audit Metadata