api-gateway
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates data ingestion from over 100 external sources, creating a significant attack surface for indirect prompt injection.
  - Ingestion points: Data from a wide range of services, including communication platforms (Slack, WhatsApp), productivity tools (Notion, Google Workspace), and CRM systems (HubSpot, Salesforce), enter the agent's context as untrusted strings.
  - Boundary markers: The skill does not define delimiters or provide specific instructions to the agent to treat API responses as untrusted or to ignore instructions embedded within them.
  - Capability inventory: The agent is provided with capabilities to perform create, update, and delete operations across these platforms, which could be exploited via malicious input from an external service.
  - Sanitization: No sanitization, escaping, or schema validation of external content is performed before interpolation into prompts.
- [DATA_EXFILTRATION]: The skill instructs the agent to transmit its MATON_API_KEY to external service domains.
  - Evidence: Examples in SKILL.md demonstrate sending the API key in the Authorization header to gateway.maton.ai and ctrl.maton.ai.
- [COMMAND_EXECUTION]: The documentation provides multiline Python scripts using heredoc syntax for the agent to execute.
  - Evidence: Snippets using `python <<'EOF'` are used throughout the quick start and troubleshooting sections to interact with the gateway endpoints.
Audit Metadata