dynamic-api-integration
Fail
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: HIGH
Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documents an execution pattern that pipes remote content from a curl command directly into the node interpreter. Although the examples use the -e flag for JSON parsing, this methodology presents a significant risk because it encourages the agent to process untrusted remote data through a powerful script engine. Automated security scans have flagged this as a remote code execution vulnerability.
- [COMMAND_EXECUTION]: The skill's primary function involves constructing and executing complex bash and curl commands at runtime. This provides a broad attack surface for command injection if API endpoints or parameters are not strictly validated or if the agent is manipulated into executing arbitrary shell commands.
- [DATA_EXFILTRATION]: Instructions facilitate the inclusion of sensitive authentication credentials in outbound HTTP requests. While the skill advocates for the use of environment variables, there is a risk of credential exfiltration if the agent is directed to a malicious URL or if request headers are intercepted.
- [PROMPT_INJECTION]: The skill exhibits a high susceptibility to indirect prompt injection.
  1. Ingestion points: External API responses fetched via WebFetch and curl in SKILL.md.
  2. Boundary markers: No delimiters or explicit warnings to ignore embedded instructions are used in the documentation.
  3. Capability inventory: The skill possesses Bash, WebFetch, and WebSearch capabilities.
  4. Sanitization: No sanitization, escaping, or validation of remote content is performed before processing.
Recommendations
- HIGH: Downloads and executes remote code from: https://api.example.com/search?q=test - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata