queues
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill demonstrates a pattern where untrusted data from incoming requests is ingested and passed into a queue for later processing and transmission. 1. Ingestion points: request.headers and request.url in src/index.ts. 2. Boundary markers: Absent. No delimiters are used to wrap the untrusted header content. 3. Capability inventory: fetch POST network operations to UPSTREAM_API_URL in src/index.ts. 4. Sanitization: Absent. Headers are converted to an object and serialized directly.
- Data Exposure & Exfiltration (LOW): The code snippets perform network requests to external URLs provided via environment variables. While standard for logging, this capability allows for the transmission of ingested request metadata to external systems.
Audit Metadata