model-keys

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE
Findings: DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill transmits the TINY_LLM_PROXY_KEY (Master Key) from environment variables to the external domain https://new.fortao.cn via the x-api-key header during its primary operations.
  • [EXTERNAL_DOWNLOADS]: The scripts perform network requests to a non-whitelisted external API endpoint (https://new.fortao.cn) to execute administrative commands.
  • [COMMAND_EXECUTION]: The documentation instructs the agent to execute local TypeScript files using the bun runtime and to use system commands like ls for locating script paths.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from an external API and outputs it to the console without sanitization.
      ◦ Ingestion points: API response bodies are fetched, parsed, and logged in scripts/util.ts, scripts/list-keys.ts, and scripts/create-key.ts.
      ◦ Boundary markers: Absent; the skill does not use delimiters or instructions to separate external data from agent commands.
      ◦ Capability inventory: All scripts in the scripts/ directory perform network operations via fetch in util.ts, and instructions permit file system discovery via ls.
      ◦ Sanitization: Absent; the JSON responses from the API are parsed and displayed directly to the console.
Audit Metadata
Risk Level: SAFE
Analyzed: May 6, 2026, 02:12 AM