apiosk-publish

Warn

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses sensitive file paths to load wallet credentials.
      • Evidence: auth-utils.sh reads ~/.apiosk/wallet.json to retrieve a private key and wallet address.
      • Context: These credentials are used locally by the cast utility to sign authentication headers (x-wallet-signature) for requests sent to https://gateway.apiosk.com.
  • [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection due to the ingestion of untrusted data.
      • Ingestion points: The register-api.sh and update-api.sh scripts accept user-controlled strings for fields such as --name, --description, and --endpoint.
      • Boundary markers: Absent. The skill does not employ delimiters or instructions to ignore potential commands embedded within the user-supplied data.
      • Capability inventory: The skill executes network operations via curl (POST, GET, DELETE) and performs cryptographic signing using cast.
      • Sanitization: The scripts use jq to safely interpolate data into JSON payloads, which prevents structure-level injection but does not sanitize the content of the strings themselves.
  • [COMMAND_EXECUTION]: The skill relies on several shell-based utilities for its core logic.
      • Evidence: Scripts invoke curl for network communication, jq for JSON processing, and cast for wallet interactions.
      • Context: These are executed as subprocesses using command-line arguments derived from user input and local configuration files.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 26, 2026, 07:37 PM