skills/mukul975/anthropic-cybersecurity-skills/exploiting-excessive-data-exposure-in-api/Gen Agent Trust Hub
exploiting-excessive-data-exposure-in-api
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses the Python `requests` library to fetch data from remote API endpoints for security analysis.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted JSON data from external API responses, creating an attack surface for malicious instructions.
  - Ingestion points: API responses fetched via `requests.get()` in `scripts/agent.py` and JSON files loaded via `json.load()`.
  - Boundary markers: No specific boundary markers or instructions are used to separate external data from the agent's core logic.
  - Capability inventory: The script can write analysis reports to the local filesystem (`--output`) and display findings to the console.
  - Sanitization: Lacks explicit sanitization of the content fetched from APIs to prevent it from influencing the agent's behavior.
- [SAFE]: The skill is a standard utility for OWASP API3 testing. Disabling SSL certificate verification (`verify=False`) is a common practice in security testing tools but should be noted as a security trade-off.
Audit Metadata