openhands-api
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill interacts with the OpenHands Cloud API at https://app.all-hands.dev to manage conversations. This is the official service endpoint for the vendor.
- [COMMAND_EXECUTION]: The Python script scripts/openhands_api.py includes a command-line interface for creating and monitoring conversations, including functionality to read from local prompt files.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it interpolates content from local files into API requests.
- Ingestion points: The prompt_file and append_file parameters in scripts/openhands_api.py.
- Boundary markers: Content is concatenated without specific delimiters or instructions to the recipient model to ignore embedded commands.
- Capability inventory: The skill can read local files and perform authenticated network requests to the OpenHands API.
- Sanitization: No sanitization or validation of the file content is performed before transmission.
Audit Metadata