Service Creator
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill features an indirect prompt injection surface, as it is designed to ingest data from user-defined external APIs and pass it to an LLM for evaluation via the invoke tool.
  - Ingestion points: Service scripts (e.g., reference/templates-stock-monitor.md) fetch data from external URLs.
  - Boundary markers: No explicit instructions are provided to use delimiters or 'ignore' instructions when interpolating external data into prompts.
  - Capability inventory: The system executes these scripts persistently via the service_start tool.
  - Sanitization: Guidelines emphasize response structure validation but do not specify content-based sanitization to mitigate instruction injection.
- [COMMAND_EXECUTION]: The skill uses dynamic script generation and system command execution as part of its core functionality.
  - Evidence: The workflow utilizes service_create and service_start to write and execute code on the host system.
  - Evidence: The instructions suggest using package managers like Homebrew to install runtimes (e.g., 'brew install node').
  - Context: These actions are necessary for the skill's primary purpose and are mitigated by constraints against third-party dependencies and elevated privileges.