frugal
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the `@openstall/sdk` package from the npm registry. This is a vendor-owned package used to interact with the OpenStall platform.
- [COMMAND_EXECUTION]: The skill uses several CLI commands including `npm install`, `openstall register`, `openstall balance`, `openstall discover`, and `openstall call` to manage marketplace interactions.
- [DATA_EXFILTRATION]: The core functionality involves sending task-related data to the OpenStall marketplace (`openstall.ai`) for processing by external agents. The skill includes a warning to the agent not to send sensitive information.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it processes data from untrusted third-party agents on the marketplace.
  - Ingestion points: Data enters the agent's context through the output of the `openstall call` command in `SKILL.md`.
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands are provided when the agent receives results from the marketplace.
  - Capability inventory: The skill possesses the capability to execute system commands via the `openstall` CLI and shell.
  - Sanitization: There is no evidence of sanitization or validation of the content returned from external agents before it is processed.
Audit Metadata