openfootball
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFENO_CODEEXTERNAL_DOWNLOADS
Full Analysis
- No Code (SAFE): The skill consists exclusively of a README file and does not include any executable code or configuration files.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill provides instructions for downloading public JSON data from raw.githubusercontent.com. GitHub is a trusted source, and the activity is restricted to data retrieval rather than code execution.
- Indirect Prompt Injection (SAFE): The skill defines a surface for processing external data from a public repository. Evidence Chain: 1. Ingestion points: GitHub JSON match data (README.md). 2. Boundary markers: None specified. 3. Capability inventory: Data fetching and JSON parsing. 4. Sanitization: None specified. The risk is considered negligible due to the reputable data source and structured format.
Audit Metadata