dynamic-api-integration
Fail
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The command examples in SKILL.md pipe the output of a curl request straight into the Node.js runtime via the -e flag. This is a textbook remote code execution (RCE) vector: whoever controls the response (the API operator, a compromised upstream, or anyone who can intercept the connection) controls what runs on the agent host.
- [COMMAND_EXECUTION]: The skill directs the agent to use the Bash tool to run curl commands and Node.js snippets for calling external services and processing their data.
- [EXTERNAL_DOWNLOADS]: The instructions have the agent fetch and parse OpenAPI specifications and API responses from unverified third-party domains such as api.example.com.
- [PROMPT_INJECTION]: Because the skill feeds untrusted API responses into the agent's context, it exposes an indirect prompt injection surface.
- Ingestion points: external API responses and OpenAPI specs fetched via WebFetch and curl, as described in SKILL.md.
- Boundary markers: Phase 4 of SKILL.md mentions truncating large responses, but no delimiters isolate untrusted content from the agent's instructions.
- Capability inventory: Bash, WebFetch, and Node.js execution, as seen in the command examples in SKILL.md.
- Sanitization: the skill recommends validating responses against schemas in Phases 1 and 4, but schema validation alone does not detect or filter instruction-like content embedded in otherwise well-formed data.
Recommendations
- HIGH: Downloads and executes remote code from https://api.example.com/search?q=test. DO NOT USE without thorough review.
- AI detected serious security threats
Audit Metadata