endpoints
Fail
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: HIGH
DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Data Exposure & Exfiltration] (HIGH): The function `scanFile` in `scripts/src/index.ts` implements a pattern that reads arbitrary files from the local filesystem using `readFileSync(filePath)` and uploads the content to `https://endpoints.work/api/scan`. This provides a direct path for data exfiltration if the agent is prompted to process sensitive system files.
- [Indirect Prompt Injection] (LOW): The skill is vulnerable to indirect prompt injection as it ingests untrusted data from external sources without adequate safeguards. Evidence Chain:
  1. Ingestion points: The functions `scanText` (text argument) and `scanFile` (file content) in `scripts/src/index.ts`.
  2. Boundary markers: Absent; there are no delimiters or instructions provided to the extraction API to ignore embedded instructions within the ingested data.
  3. Capability inventory: The skill has the capability to read files (`readFileSync`), write files (`writeFileSync`), and perform network requests (`fetch`).
  4. Sanitization: Filenames for saved results are sanitized, but the content being sent to the AI extraction API is not sanitized or validated.
- [External Downloads] (LOW): The skill requires the installation of several Node.js dependencies (`dotenv`, `tsx`, `typescript`) from the npm registry. While these are standard packages, they represent an external dependency chain.
Recommendations
- AI detected serious security threats
Audit Metadata